Dataset info

| Statistic | Value |
|---|---|
| Number of variables | 169 |
| Number of observations | 88 |
| Missing cells | 10026 (67.4%) |
| Duplicate rows | 0 (0.0%) |
| Total size in memory | 116.3 KiB |
| Average record size in memory | 1.3 KiB |
Variables types

| Type | Count |
|---|---|
| Numeric | 1 |
| Categorical | 70 |
| Boolean | 3 |
| Date | 0 |
| URL | 2 |
| Text (Unique) | 0 |
| Rejected | 92 |
| Unsupported | 0 |
Warnings

| Warning | Kind |
|---|---|
| action_status has 78 (88.6%) missing values | Missing |
| Address has constant value "nan" | Rejected |
| Alberta_Health_Risk_Assessment has constant value "Unknown" | Rejected |
| Alerts has 14 (15.9%) missing values | Missing |
| Assessed_Liability has constant value "0" | Rejected |
| Attachment_SHA has 85 (96.6%) missing values | Missing |
| BU_Code_Legacy has constant value "nan" | Rejected |
| BU_Status has constant value "nan" | Rejected |
| Category has 42 (47.7%) missing values | Missing |
| City has constant value "nan" | Rejected |
| Click_Time has 45 (51.1%) missing values | Missing |
| computer_last_detection_time has constant value "nan" | Rejected |
| computer_name has 78 (88.6%) missing values | Missing |
| computer_number_of_infections has 78 (88.6%) missing values | Missing |
| Condemnation_Time has 42 (47.7%) missing values | Missing |
| Condition_ID has constant value "nan" | Rejected |
| Country/Region has 86 (97.7%) missing values | Missing |
| Data_Compromised has constant value "Unknown" | Rejected |
| Data_Encrypted has constant value "Unknown" | Rejected |
| Data_Format has constant value "nan" | Rejected |
| Date_Closed has a high cardinality: 80 distinct values | Warning |
| Date_Created has a high cardinality: 73 distinct values | Warning |
| Date_Determined has a high cardinality: 73 distinct values | Warning |
| Date_Discovered is a recoding of Date_Determined | Rejected |
| Date_Occurred has a high cardinality: 76 distinct values | Warning |
| Delivery_Time has 82 (93.2%) missing values | Missing |
| Dell_Secureworks_Alert_Source has 84 (95.5%) missing values | Missing |
| Dell_Secureworks_Category has 84 (95.5%) missing values | Missing |
| Dell_Secureworks_Category_Class has 84 (95.5%) missing values | Missing |
| Dell_Secureworks_Classification has 84 (95.5%) missing values | Missing |
| Dell_Secureworks_Close_Action has constant value "nan" | Rejected |
| Dell_Secureworks_Close_Code has constant value "nan" | Rejected |
| Dell_Secureworks_Description has 84 (95.5%) missing values | Missing |
| Dell_Secureworks_Event_Source has 84 (95.5%) missing values | Missing |
| Dell_Secureworks_Priority has 84 (95.5%) missing values | Missing |
| Dell_Secureworks_Sensor_Name has 87 (98.9%) missing values | Missing |
| Dell_Secureworks_Subject has 82 (93.2%) missing values | Missing |
| Dell_Secureworks_Ticket# has 83 (94.3%) missing values | Missing |
| Dell_Secureworks_Ticket_Type has 84 (95.5%) missing values | Missing |
| Department has constant value "nan" | Rejected |
| Description has a high cardinality: 61 distinct values | Warning |
| Destination_IP has constant value "nan" | Rejected |
| Destination_Port has constant value "nan" | Rejected |
| detection_interval has constant value "nan" | Rejected |
| detection_time has 78 (88.6%) missing values | Missing |
| Directionality has 25 (28.4%) missing values | Missing |
| domain has 78 (88.6%) missing values | Missing |
| Employee has constant value "nan" | Rejected |
| Employee_Involved has constant value "Unknown" | Rejected |
| Employee_Involvement has constant value "Unknown" | Rejected |
| Esclated_To_BU_IT has constant value "nan" | Rejected |
| Exposure_Resolved has constant value "Unknown" | Rejected |
| Exposure_Type has constant value "Unknown" | Rejected |
| file_path has constant value "nan" | Rejected |
| GDPR_Breach_Circumstances has constant value "nan" | Rejected |
| GDPR_Breach_Type has constant value "nan" | Rejected |
| GDPR_Breach_Type_Comment has constant value "nan" | Rejected |
| GDPR_Consequences has constant value "nan" | Rejected |
| GDPR_Consequences_Comment has constant value "nan" | Rejected |
| GDPR_Final_Assessment has constant value "nan" | Rejected |
| GDPR_Final_Assessment_Comment has constant value "nan" | Rejected |
| GDPR_Identification has constant value "nan" | Rejected |
| GDPR_Identification_Comment has constant value "nan" | Rejected |
| GDPR_Personal_Data has constant value "nan" | Rejected |
| GDPR_Personal_Data_Comment has constant value "nan" | Rejected |
| GDPR_Subsequent_Notification has constant value "Unknown" | Rejected |
| Guest_Network_Involvement has constant value "No" | Rejected |
| Harm_Foreseeable has constant value "Unknown" | Rejected |
| Header_From has 42 (47.7%) missing values | Missing |
| Header_Reply_To has 42 (47.7%) missing values | Missing |
| Host_Involved has constant value "nan" | Rejected |
| Host_Name has constant value "nan" | Rejected |
| Hours_worked has constant value "nan" | Rejected |
| HX_Agent_ID has constant value "nan" | Rejected |
| HX_Hostname has constant value "nan" | Rejected |
| HX_IP has constant value "nan" | Rejected |
| HX_UUID has constant value "nan" | Rejected |
| HXname has constant value "nan" | Rejected |
| Impact_Likely has constant value "Unknown" | Rejected |
| Impacted_System has constant value "nan" | Rejected |
| Incident_Type has 5 (5.7%) missing values | Missing |
| Individual_Name has constant value "nan" | Rejected |
| Is_vulnerable? has constant value "Unknown" | Rejected |
| Item_Number has constant value "nan" | Rejected |
| Joe_Sandbox_Result has constant value "nan" | Rejected |
| Jurisdiction has constant value "nan" | Rejected |
| last_detection_time has 78 (88.6%) missing values | Missing |
| Last_Modified has a high cardinality: 80 distinct values | Warning |
| Lawful_Data_Processing_Categories has constant value "nan" | Rejected |
| Location has constant value "nan" | Rejected |
| Machine_Compromised has 25 (28.4%) missing values | Missing |
| malware_file_path has 80 (90.9%) missing values | Missing |
| malware_name has 78 (88.6%) missing values | Missing |
| Members has constant value "nan" | Rejected |
| Message_ID has 82 (93.2%) missing values | Missing |
| Message_Size has 85 (96.6%) missing values | Missing |
| Morphick_Ticket# has 86 (97.7%) missing values | Missing |
| Morphick_Update has constant value "nan" | Rejected |
| Name has a high cardinality: 52 distinct values | Warning |
| Negative_PR has constant value "Unknown" | Rejected |
| Next_Due_Date has constant value "nan" | Rejected |
| NIST_Attack_Vectors has constant value "nan" | Rejected |
| number_of_infections has 78 (88.6%) missing values | Missing |
| Organization has constant value "GAIG" | Rejected |
| Other_Alert_Source has constant value "nan" | Rejected |
| other_path has constant value "nan" | Rejected |
| Outbound_Threat_Type has 25 (28.4%) missing values | Missing |
| Personal_Email has constant value "No" | Rejected |
| PIPEDA_Other_Factors has constant value "nan" | Rejected |
| PIPEDA_Other_Factors_Comment has constant value "nan" | Rejected |
| PIPEDA_Overall_Assessment has constant value "nan" | Rejected |
| PIPEDA_Overall_Assessment_Comment has constant value "nan" | Rejected |
| PIPEDA_Probability_of_Misuse has constant value "nan" | Rejected |
| PIPEDA_Probability_of_Misuse_Comment has constant value "nan" | Rejected |
| PIPEDA_Sensitivity_of_PI has constant value "nan" | Rejected |
| PIPEDA_Sensitivity_of_PI_Comment has constant value "nan" | Rejected |
| Protocol has constant value "nan" | Rejected |
| Recipient has 38 (43.2%) missing values | Missing |
| ref_number has 86 (97.7%) missing values | Missing |
| remediation_action has 78 (88.6%) missing values | Missing |
| Remidiation_Source has constant value "nan" | Rejected |
| Reporting_Individual has 18 (20.5%) missing values | Missing |
| Resolution_Summary has a high cardinality: 67 distinct values | Warning |
| Risk_of_Harm has constant value "nan" | Rejected |
| Sender has 42 (47.7%) missing values | Missing |
| Sender_IP has 42 (47.7%) missing values | Missing |
| Sensor_Name has constant value "nan" | Rejected |
| Service_Now_Ticket# has constant value "nan" | Rejected |
| Simulation has constant value "No" | Rejected |
| Source_IP has 45 (51.1%) missing values | Missing |
| Source_of_Data has constant value "nan" | Rejected |
| Source_Port has constant value "nan" | Rejected |
| State has constant value "nan" | Rejected |
| Status has constant value "Closed" | Rejected |
| Subject has 42 (47.7%) missing values | Missing |
| Threat_Type has constant value "nan" | Rejected |
| Time_Spent_in_BU_IT has constant value "nan" | Rejected |
| Timestamp has constant value "nan" | Rejected |
| triage_status has constant value "nan" | Rejected |
| URL has 45 (51.1%) missing values | Missing |
| URL_Blocked has constant value "nan" | Rejected |
| url_path has 86 (97.7%) missing values | Missing |
| User_Agent has 45 (51.1%) missing values | Missing |
| varonis_additional_data has constant value "nan" | Rejected |
| varonis_desc has 85 (96.6%) missing values | Missing |
| varonis_from has 85 (96.6%) missing values | Missing |
| varonis_id has 85 (96.6%) missing values | Missing |
| varonis_what has 85 (96.6%) missing values | Missing |
| varonis_when has 85 (96.6%) missing values | Missing |
| varonis_where has 85 (96.6%) missing values | Missing |
| varonis_who has 85 (96.6%) missing values | Missing |
| Vendor has constant value "nan" | Rejected |
| Workspace has constant value "Default workspace" | Rejected |
| xmatters_requestId has 87 (98.9%) missing values | Missing |
| Zip has constant value "nan" | Rejected |
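The warnings above are the profiler's four checks: a column with one value (NaN counted as a value) is rejected as constant, a column with blanks gets a missing-value count, a column with many distinct values gets a cardinality warning, and a column that is a one-to-one recoding of an earlier column is rejected. The script below is an added example, not output or code from the tool that produced this report; it reproduces those checks with the standard library on a small constructed CSV that reuses the column names seen here, and then cleans the fields the report shows as dirty: it folds the mixed-case `Category` labels (`phish`, `Phishing`, `malware`, `Malware`), parses the `m/d/yyyy H:MM` timestamps the report stores as categorical strings, and validates `Attachment_SHA` as SHA-256. The sample rows, the `CATEGORY_MAP` and the cardinality threshold are assumptions; the report does not state its own threshold.

```python
"""Reproduce the report's warning kinds and clean the fields it flags.

Added example, not the profiler's code. SAMPLE_CSV is constructed: only the
column names and the defects they show on this page are taken from the report.
"""
import csv
import io
import re
from datetime import datetime

SAMPLE_CSV = """\
action_status,Category,Date_Determined,Date_Discovered,Attachment_SHA,Status
Succeeded,phish,9/17/2019 10:04,9/17/2019 10:04,,Closed
,Phishing,9/17/2019 9:59,9/17/2019 9:59,,Closed
,malware,9/3/2019 20:47,9/3/2019 20:47,0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef,Closed
Succeeded,Malware,9/4/2019 9:54,9/4/2019 9:54,not-a-hash,Closed
,,9/10/2019 21:39,9/10/2019 21:39,,Closed
,phish,9/13/2019 10:23,9/13/2019 10:23,,Closed
"""

MISSING_TOKENS = {"", "nan", "NaN", "None"}      # pandas exports NaN as "nan"
SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE)
# Assumption: the report's Category values collapse to two labels.
CATEGORY_MAP = {"phish": "phishing", "phishing": "phishing", "malware": "malware"}


def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def is_missing(value):
    return value is None or value.strip() in MISSING_TOKENS


def is_recoding(rows, a, b):
    """True when columns a and b map one-to-one row by row (same partition)."""
    fwd, back = {}, {}
    for r in rows:
        x, y = r[a], r[b]
        if fwd.setdefault(x, y) != y or back.setdefault(y, x) != x:
            return False
    return True


def profile(rows, high_cardinality=50):
    """Return {column: [warning strings]} in the report's own wording."""
    n = len(rows)
    cols = list(rows[0].keys())
    warnings, constant = {}, set()
    for c in cols:
        present = [r[c] for r in rows if not is_missing(r[c])]
        missing = n - len(present)
        distinct_present = len(set(present))
        # NaN counts as one distinct value, so an all-"nan" column is constant.
        if distinct_present + (1 if missing else 0) <= 1:
            value = present[0] if present else "nan"
            warnings[c] = [f'constant value "{value}" | Rejected']
            constant.add(c)
            continue
        w = []
        if missing:
            w.append(f"{missing} ({100 * missing / n:.1f}%) missing values | Missing")
        if distinct_present > high_cardinality:
            w.append(f"high cardinality: {distinct_present} distinct values | Warning")
        warnings[c] = w
    # A later column that is a 1:1 recoding of an earlier one is rejected too.
    for i, b in enumerate(cols):
        if b in constant:
            continue
        for a in cols[:i]:
            if a not in constant and is_recoding(rows, a, b):
                warnings[b] = [f"is a recoding of {a} | Rejected"]
                break
    return warnings


def missing_cells(rows):
    """(missing, total) cell counts, as in the 'Dataset info' table."""
    total = len(rows) * len(rows[0])
    missing = sum(is_missing(v) for r in rows for v in r.values())
    return missing, total


def normalize_category(value):
    """Fold 'phish'/'Phishing' and 'malware'/'Malware' into one label each."""
    if is_missing(value):
        return None
    key = value.strip().lower()
    return CATEGORY_MAP.get(key, key)


def parse_report_time(value):
    """The report keeps timestamps as 'm/d/yyyy H:MM' strings; parse them."""
    return None if is_missing(value) else datetime.strptime(value.strip(), "%m/%d/%Y %H:%M")


def valid_sha256(value):
    return not is_missing(value) and bool(SHA256_RE.match(value.strip()))


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for col, ws in profile(rows, high_cardinality=5).items():
        for w in ws:
            print(f"{col} {w}" if w.startswith("is a") else f"{col} has {w}")
    print("missing cells: %d of %d" % missing_cells(rows))
```

Running it prints lines in the same shape as the warnings table (`Status has constant value "Closed" | Rejected`, `Date_Discovered is a recoding of Date_Determined | Rejected`). The recoding check is the one to watch on a real export: two columns that are both unique per row are trivially a bijection, so it should only be trusted where, as with `Date_Discovered` here, the values are literally identical.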
action_status
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 2 |
| Unique (%) | 2.3% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |

| Value | Count | Frequency (%) |
|---|---|---|
| Succeeded | 10 | 11.4% |
| (Missing) | 78 | 88.6% |

| Text statistic | Value |
|---|---|
| Max length | 9 |
| Mean length | 3.681818182 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
Address
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
Alberta_Health_Risk_Assessment
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|---|
Alert_Source
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 10 |
| Unique (%) | 11.4% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| Proofpoint | 46 | 52.3% |
| Preempt | 13 | 14.8% |
| SCEP | 10 | 11.4% |
| SecureWorks | 6 | 6.8% |
| PhishMe | 4 | 4.5% |
| Varonis | 3 | 3.4% |
| Morphick | 2 | 2.3% |
| (blank) | 2 | 2.3% |
| Other | 1 | 1.1% |
| FireEye HX | 1 | 1.1% |

| Text statistic | Value |
|---|---|
| Max length | 11 |
| Mean length | 8.488636364 |
| Min length | 4 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Alerts
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 3 |
| Unique (%) | 3.4% |
| Missing (%) | 15.9% |
| Missing (n) | 14 |

| Value | Count | Frequency (%) |
|---|---|---|
| 1 | 73 | 83.0% |
| 3 | 1 | 1.1% |
| (Missing) | 14 | 15.9% |

| Text statistic | Value |
|---|---|
| Max length | 3 |
| Mean length | 3 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | True |
Assessed_Liability
Constant
This variable is constant and should be ignored for analysis
| Constant value | 0 |
|---|---|
Attachment_SHA
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 4 |
| Unique (%) | 4.5% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |

| Value | Count | Frequency (%) |
|---|---|---|
| 872f0e65ce695f48b67ce59766b026149e66a81ce468d642f04e0b176bb0f306 | 1 | 1.1% |
| 19eaad73d300033d4fc2264f5292bdecf6e8426647cea8f713df48b5e4a3187c | 1 | 1.1% |
| 2fdf753ce8eacb52ddfbfb2971c3a928ac66be5693ed066b406a6a85098db7b6 | 1 | 1.1% |
| (Missing) | 85 | 96.6% |

| Text statistic | Value |
|---|---|
| Max length | 64 |
| Mean length | 5.079545455 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | False |
BU_Code
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 25 |
| Unique (%) | 28.4% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| BG0033 | 15 | 17.0% |
| BG0008 | 12 | 13.6% |
| BG0057 | 11 | 12.5% |
| BG0060 | 10 | 11.4% |
| BG0020 | 4 | 4.5% |
| BG0MEX | 4 | 4.5% |
| BG0051 | 4 | 4.5% |
| LG0003 | 4 | 4.5% |
| BG0002 | 3 | 3.4% |
| BG0029 | 3 | 3.4% |
| Other values (15) | 18 | 20.5% |

| Text statistic | Value |
|---|---|
| Max length | 6 |
| Mean length | 6 |
| Min length | 6 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | False |
BU_Code_Legacy
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
BU_Status
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
Business_Unit
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 25 |
| Unique (%) | 28.4% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| Strategic Comp | 15 | 17.0% |
| Crop Division | 12 | 13.6% |
| National Interstate Ins | 11 | 12.5% |
| AFG Enterprise IT Securit | 10 | 11.4% |
| Summit | 4 | 4.5% |
| IT Services | 4 | 4.5% |
| Annuity Information Tech | 4 | 4.5% |
| El Ag Specialty (Division Danos Mexico) | 4 | 4.5% |
| Mid-Continent Group | 3 | 3.4% |
| Bond Division | 3 | 3.4% |
| Other values (15) | 18 | 20.5% |

| Text statistic | Value |
|---|---|
| Max length | 39 |
| Mean length | 18.54545455 |
| Min length | 4 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Categorization
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 2 |
| Unique (%) | 2.3% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| Investigative | 65 | 73.9% |
| Event | 23 | 26.1% |

| Text statistic | Value |
|---|---|
| Max length | 13 |
| Mean length | 10.90909091 |
| Min length | 5 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
Category
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 5 |
| Unique (%) | 5.7% |
| Missing (%) | 47.7% |
| Missing (n) | 42 |

| Value | Count | Frequency (%) |
|---|---|---|
| phish | 39 | 44.3% |
| malware | 4 | 4.5% |
| Malware | 2 | 2.3% |
| Phishing | 1 | 1.1% |
| (Missing) | 42 | 47.7% |

| Text statistic | Value |
|---|---|
| Max length | 9 |
| Mean length | 4.738636364 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
City
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
Click_Time
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 38 |
| Unique (%) | 43.2% |
| Missing (%) | 51.1% |
| Missing (n) | 45 |

| Value | Count | Frequency (%) |
|---|---|---|
| 9/17/2019 13:55 | 2 | 2.3% |
| 9/17/2019 13:53 | 2 | 2.3% |
| 9/17/2019 12:05 | 2 | 2.3% |
| 9/19/2019 14:19 | 2 | 2.3% |
| 9/9/2019 14:40 | 2 | 2.3% |
| 8/29/2019 20:17 | 2 | 2.3% |
| 9/17/2019 12:06 | 1 | 1.1% |
| 8/23/2019 19:46 | 1 | 1.1% |
| 9/6/2019 13:10 | 1 | 1.1% |
| 9/12/2019 17:07 | 1 | 1.1% |
| Other values (27) | 27 | 30.7% |
| (Missing) | 45 | 51.1% |

| Text statistic | Value |
|---|---|
| Max length | 15 |
| Mean length | 8.806818182 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
computer_last_detection_time
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
computer_name
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 8 |
| Unique (%) | 9.1% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |

| Value | Count | Frequency (%) |
|---|---|---|
| SCICITRIXF.ga.afginc.com | 3 | 3.4% |
| cvgwpvrns11.aag.GFRINC.NET | 2 | 2.3% |
| D-5R4XH02.gamcustom.local | 1 | 1.1% |
| FLMXL6260NM.summit.local | 1 | 1.1% |
| V-SCI-FS1.ga.afginc.com | 1 | 1.1% |
| ELD-0253020-AJD.ga.afginc.com | 1 | 1.1% |
| GFR-CVG-0104281.ga.afginc.com | 1 | 1.1% |
| (Missing) | 78 | 88.6% |

| Text statistic | Value |
|---|---|
| Max length | 29 |
| Mean length | 5.545454545 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | True |
computer_number_of_infections
Boolean

| Statistic | Value |
|---|---|
| Distinct count | 2 |
| Unique (%) | 2.3% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |

| Value | Count | Frequency (%) |
|---|---|---|
| 1 | 10 | 11.4% |
| (Missing) | 78 | 88.6% |
Condemnation_Time
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 24 |
| Unique (%) | 27.3% |
| Missing (%) | 47.7% |
| Missing (n) | 42 |

| Value | Count | Frequency (%) |
|---|---|---|
| 9/17/2019 13:57 | 9 | 10.2% |
| 8/31/2019 6:20 | 3 | 3.4% |
| 9/11/2019 1:38 | 3 | 3.4% |
| 9/13/2019 14:22 | 3 | 3.4% |
| 9/17/2019 13:32 | 3 | 3.4% |
| 9/25/2019 18:31 | 3 | 3.4% |
| 9/20/2019 15:52 | 2 | 2.3% |
| 9/19/2019 15:01 | 2 | 2.3% |
| 9/25/2019 17:59 | 2 | 2.3% |
| 9/19/2019 15:09 | 2 | 2.3% |
| Other values (13) | 14 | 15.9% |
| (Missing) | 42 | 47.7% |

| Text statistic | Value |
|---|---|
| Max length | 15 |
| Mean length | 9.125 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Condition_ID
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
Country/Region
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 2 |
| Unique (%) | 2.3% |
| Missing (%) | 97.7% |
| Missing (n) | 86 |

| Value | Count | Frequency (%) |
|---|---|---|
| United States | 2 | 2.3% |
| (Missing) | 86 | 97.7% |

| Text statistic | Value |
|---|---|
| Max length | 13 |
| Mean length | 3.227272727 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Created_By
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 4 |
| Unique (%) | 4.5% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| Resilient Admin (resilient_automation@gaig.com) | 84 | 95.5% |
| Resilient-Email Connector (irhubacct@rsystems.com) | 2 | 2.3% |
| Nik Whitis (nwhitis@gaig.com) | 1 | 1.1% |
| Gene Kazimiarovich (gkazimiarovich@gaig.com) | 1 | 1.1% |

| Text statistic | Value |
|---|---|
| Max length | 50 |
| Mean length | 46.82954545 |
| Min length | 29 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Criminal_Activity
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 2 |
| Unique (%) | 2.3% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| No | 86 | 97.7% |
| Unknown | 2 | 2.3% |

| Text statistic | Value |
|---|---|
| Max length | 7 |
| Mean length | 2.113636364 |
| Min length | 2 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
Data_Compromised
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|---|
Data_Encrypted
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|---|
Data_Format
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
Date_Closed
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 80 |
| Unique (%) | 90.9% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| 9/26/2019 11:04 | 3 | 3.4% |
| 9/3/2019 8:16 | 2 | 2.3% |
| 9/26/2019 11:09 | 2 | 2.3% |
| 9/20/2019 12:10 | 2 | 2.3% |
| 9/25/2019 14:54 | 2 | 2.3% |
| 9/17/2019 11:09 | 2 | 2.3% |
| 9/17/2019 11:08 | 2 | 2.3% |
| 9/19/2019 15:13 | 1 | 1.1% |
| 9/6/2019 14:45 | 1 | 1.1% |
| 9/23/2019 14:05 | 1 | 1.1% |
| Other values (70) | 70 | 79.5% |

| Text statistic | Value |
|---|---|
| Max length | 15 |
| Mean length | 14.5 |
| Min length | 13 |
| Contains chars | False |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Date_Created
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 73 |
| Unique (%) | 83.0% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| 9/17/2019 10:04 | 3 | 3.4% |
| 9/17/2019 9:59 | 3 | 3.4% |
| 9/17/2019 10:05 | 3 | 3.4% |
| 9/3/2019 20:47 | 2 | 2.3% |
| 9/19/2019 11:05 | 2 | 2.3% |
| 9/13/2019 10:23 | 2 | 2.3% |
| 9/4/2019 9:54 | 2 | 2.3% |
| 9/10/2019 21:39 | 2 | 2.3% |
| 9/20/2019 11:52 | 2 | 2.3% |
| 9/25/2019 14:01 | 2 | 2.3% |
| Other values (63) | 65 | 73.9% |

| Text statistic | Value |
|---|---|
| Max length | 15 |
| Mean length | 14.56818182 |
| Min length | 13 |
| Contains chars | False |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Date_Determined
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 73 |
| Unique (%) | 83.0% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| 9/17/2019 10:04 | 3 | 3.4% |
| 9/17/2019 10:05 | 3 | 3.4% |
| 9/17/2019 9:59 | 3 | 3.4% |
| 8/31/2019 2:23 | 2 | 2.3% |
| 9/4/2019 9:54 | 2 | 2.3% |
| 9/10/2019 21:39 | 2 | 2.3% |
| 9/20/2019 11:52 | 2 | 2.3% |
| 9/13/2019 10:23 | 2 | 2.3% |
| 9/3/2019 20:47 | 2 | 2.3% |
| 9/19/2019 11:05 | 2 | 2.3% |
| Other values (63) | 65 | 73.9% |

| Text statistic | Value |
|---|---|
| Max length | 15 |
| Mean length | 14.56818182 |
| Min length | 13 |
| Contains chars | False |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Date_Discovered
Recoded
This variable is a recoding of Date_Determined and should be ignored for analysis
Date_Occurred
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 76 |
| Unique (%) | 86.4% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |

| Value | Count | Frequency (%) |
|---|---|---|
| 9/17/2019 10:04 | 3 | 3.4% |
| 9/17/2019 9:59 | 3 | 3.4% |
| 9/3/2019 20:47 | 2 | 2.3% |
| 9/4/2019 9:54 | 2 | 2.3% |
| 9/13/2019 10:23 | 2 | 2.3% |
| 9/19/2019 11:05 | 2 | 2.3% |
| 9/20/2019 11:52 | 2 | 2.3% |
| 8/31/2019 2:23 | 2 | 2.3% |
| 9/17/2019 10:05 | 2 | 2.3% |
| 9/17/2019 10:00 | 2 | 2.3% |
| Other values (66) | 66 | 75.0% |

| Text statistic | Value |
|---|---|
| Max length | 15 |
| Mean length | 14.55681818 |
| Min length | 13 |
| Contains chars | False |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Delivery_Time
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 7 |
| Unique (%) | 8.0% |
| Missing (%) | 93.2% |
| Missing (n) | 82 |

| Value | Count | Frequency (%) |
|---|---|---|
| 9/9/2019 14:39 | 1 | 1.1% |
| 9/9/2019 12:24 | 1 | 1.1% |
| 9/7/2019 4:33 | 1 | 1.1% |
| 9/19/2019 14:19 | 1 | 1.1% |
| 9/19/2019 14:56 | 1 | 1.1% |
| 9/23/2019 21:05 | 1 | 1.1% |
| (Missing) | 82 | 93.2% |

| Text statistic | Value |
|---|---|
| Max length | 15 |
| Mean length | 3.772727273 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Dell_Secureworks_Alert_Source
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 3 |
| Unique (%) | 3.4% |
| Missing (%) | 95.5% |
| Missing (n) | 84 |

| Value | Count | Frequency (%) |
|---|---|---|
| - | 2 | 2.3% |
| IDS | 2 | 2.3% |
| (Missing) | 84 | 95.5% |

| Text statistic | Value |
|---|---|
| Max length | 3 |
| Mean length | 2.954545455 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | True |
Dell_Secureworks_Category
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 3 |
| Unique (%) | 3.4% |
| Missing (%) | 95.5% |
| Missing (n) | 84 |

| Value | Count | Frequency (%) |
|---|---|---|
| - | 3 | 3.4% |
| Command and Control | 1 | 1.1% |
| (Missing) | 84 | 95.5% |

| Text statistic | Value |
|---|---|
| Max length | 19 |
| Mean length | 3.113636364 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Dell_Secureworks_Category_Class
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 4 |
| Unique (%) | 4.5% |
| Missing (%) | 95.5% |
| Missing (n) | 84 |

| Value | Count | Frequency (%) |
|---|---|---|
| - | 2 | 2.3% |
| Health | 1 | 1.1% |
| Security | 1 | 1.1% |
| (Missing) | 84 | 95.5% |

| Text statistic | Value |
|---|---|
| Max length | 8 |
| Mean length | 3.045454545 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | True |
Dell_Secureworks_Classification
Categorical

| Statistic | Value |
|---|---|
| Distinct count | 3 |
| Unique (%) | 3.4% |
| Missing (%) | 95.5% |
| Missing (n) | 84 |

| Value | Count | Frequency (%) |
|---|---|---|
| - | 3 | 3.4% |
| Opportunistic | 1 | 1.1% |
| (Missing) | 84 | 95.5% |

| Text statistic | Value |
|---|---|
| Max length | 13 |
| Mean length | 3.045454545 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | True |
Dell_Secureworks_Close_Action
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
Dell_Secureworks_Close_Code
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|---|
Dell_Secureworks_Description
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 95.5% |
| Missing (n) | 84 |
| - | 2 |
|---|---|
| ========================= Incident Overview ========================= We are seeing your 10.50.24.46/ddcidp8350.td.afg device generating 'Sourcefire Malware Event: W32.043030FA17-100.SBX.TG - INV39008.zip' alerts for traffic from 10.33.228.105/10.33.228.105 to 104.27.140.247 indicating that 10.33.228.105/10.33.228.105 has generated traffic matching an indicator residing on the Sourcefire malware cloud. The host at 10.33.228.105/10.33.228.105 may have been infected by File: inv39008.zip that was classified by Sourcefire as W32.043030FA17-100.SBX.TG. We are escalating this incident to you via a high priority ticket and phone call per our default event handling procedures. If you would like us to handle these incidents differently in the future (see below for handling options), or if you have any further questions or concerns, please let us know either by corresponding to us via this ticket and delegating the ticket back to the SOC, or by calling us at 877-838-7960. 1) Ticket only escalation for related events (medium priority ticket and an e-mail only notification). 2) Autoresolve events to the Portal (no explicit notification but events will be available for reporting purposes in the portal). 
Sincerely, SecureWorks SOC ========================= Technical Details ========================= Source: 10.33.228.105 FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 User: No Authentication RequiredFileName: inv39008.zip FileSize: 1091238 Name of threat from the Sourcefire event: W32.043030FA17-100.SBX.TG FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 Virus total link: https://www.virustotal.com/en/file/043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855/analysis/ User provided by Sourcefire (if available): No Authentication Required URI detected for this alert (if available): http://yasamkurusatis[.]com/wp-content/uploads/2019/09/files/INV39008[.]zip ========================= References ========================= Reference(s) From the Vendor: Threat Detected in Network File Transfer (Retrospective) ========================= Event Details ========================= Related Events: Event Count: 1 Total Occurrence Count: 1 Event ID: 309187393 Event Summary: Sourcefire Malware Event: W32.043030FA17-100.SBX.TG - INV39008.zip Occurrence Count: 1 Host and Connection Information Source IP: 10.33.228.105 Source Port: 23798 Destination IP: 104.27.140.247 Destination Port: 80 Destination IP Geolocation: San Francisco, USA Connection Directionality: OUTGOING Device Information Device IP: 10.50.24.46 Device Name: ddcidp8350.td.afg Log Time: 2019-09-25 at 19:47:22 Action: Not Blocked Vendor EventID: 1569440841:1:63870 CVSS Score: -1 Vendor Reference: Threat Detected in Network File Transfer (Retrospective) User: No Authentication Required Threat Name: W32.043030FA17-100.SBX.TG File Name: inv39008.zip File Size: 1091238 FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 SCWX Event Processing Information Sherlock Rule ID (SLE): 843571 Inspector Rule ID: 277082 Inspector Event ID: 3274253601 Ontology ID: 11 Event Type ID: 10 Agent ID: 125057 Event Detail: [***] Malware Event [Threat: 
W32.043030FA17-100.SBX.TG] [***] [Type: Threat Detected in Network File Transfer (Retrospective)] [Subtype: (0)] [Filename: INV39008.zip] [Hash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855] [FilePath: ] [FileType: ZIP] [FileSize: 1091238] [AppProtocol: HTTP] [ParentFilename: ] [ParentHash: ] [URI: http://yasamkurusatis.com/wp-content/uploads/2019/09/files/INV39008.zip] [Sensor ID: 45] [Event ID: 1569440841:1:63870] [Device: ddcidp8350] [User: No Authentication Required] [Detection: ] [FileTimestamp: 0] [Description: Retrospective Event, Thu Sep 26 02:24:27 2019(UTC), Old Disp: Neutral, New Disp: Malware, Threat Name: W32.043030FA17-100.SBX.TG; ] [Direction: Download] [FilePolicy: SWRX_AMP-Block_File-Block_Policy] [Disposition: UNKNOWN] [RetroDisposition: UNKNOWN] [DstCountry: united states] [SslActualAction: Unknown] [Action: Malware Cloud Lookup] [HTTP Response: 0] 09/25/2019-19:47:22.000000 10.33.228.105:23798 -> 104.27.140.247:80 [O:SECURITY] | 1 |
| Our event flow monitoring has detected a disruption in the flow of events from ddcidp82601-2.td.afg located at American Financial Group, Inc.. This system generated ticket indicates that SECURITY events have not been received from this device within defined limits. Status is DOWN; last SECURITY event received on Sat Aug 24 23:15:52 UTC 2019. If you would like to speak to a team member please call into the Security Operations Center at 877-838-7960 option #3 or update this ticket on the portal. | 1 |
| (Missing) |
| Value | Count | Frequency (%) | |
| - | 2 | 2.3% | |
| ========================= Incident Overview ========================= We are seeing your 10.50.24.46/ddcidp8350.td.afg device generating 'Sourcefire Malware Event: W32.043030FA17-100.SBX.TG - INV39008.zip' alerts for traffic from 10.33.228.105/10.33.228.105 to 104.27.140.247 indicating that 10.33.228.105/10.33.228.105 has generated traffic matching an indicator residing on the Sourcefire malware cloud. The host at 10.33.228.105/10.33.228.105 may have been infected by File: inv39008.zip that was classified by Sourcefire as W32.043030FA17-100.SBX.TG. We are escalating this incident to you via a high priority ticket and phone call per our default event handling procedures. If you would like us to handle these incidents differently in the future (see below for handling options), or if you have any further questions or concerns, please let us know either by corresponding to us via this ticket and delegating the ticket back to the SOC, or by calling us at 877-838-7960. 1) Ticket only escalation for related events (medium priority ticket and an e-mail only notification). 2) Autoresolve events to the Portal (no explicit notification but events will be available for reporting purposes in the portal). Sincerely, SecureWorks SOC ========================= Technical Details ========================= Source: 10.33.228.105 FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 User: No Authentication Required FileName: inv39008.zip FileSize: 1091238 Name of threat from the Sourcefire event: W32.043030FA17-100.SBX.TG FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 Virus total link: https://www.virustotal.com/en/file/043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855/analysis/ User provided by Sourcefire (if available): No Authentication Required URI detected for this alert (if available): http://yasamkurusatis[.]com/wp-content/uploads/2019/09/files/INV39008[.]zip ========================= References ========================= Reference(s) From the Vendor: Threat Detected in Network File Transfer (Retrospective) ========================= Event Details ========================= Related Events: Event Count: 1 Total Occurrence Count: 1 Event ID: 309187393 Event Summary: Sourcefire Malware Event: W32.043030FA17-100.SBX.TG - INV39008.zip Occurrence Count: 1 Host and Connection Information Source IP: 10.33.228.105 Source Port: 23798 Destination IP: 104.27.140.247 Destination Port: 80 Destination IP Geolocation: San Francisco, USA Connection Directionality: OUTGOING Device Information Device IP: 10.50.24.46 Device Name: ddcidp8350.td.afg Log Time: 2019-09-25 at 19:47:22 Action: Not Blocked Vendor EventID: 1569440841:1:63870 CVSS Score: -1 Vendor Reference: Threat Detected in Network File Transfer (Retrospective) User: No Authentication Required Threat Name: W32.043030FA17-100.SBX.TG File Name: inv39008.zip File Size: 1091238 FileHash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855 SCWX Event Processing Information Sherlock Rule ID (SLE): 843571 Inspector Rule ID: 277082 Inspector Event ID: 3274253601 Ontology ID: 11 Event Type ID: 10 Agent ID: 125057 Event Detail: [***] Malware Event [Threat: W32.043030FA17-100.SBX.TG] [***] [Type: Threat Detected in Network File Transfer (Retrospective)] [Subtype: (0)] [Filename: INV39008.zip] [Hash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855] [FilePath: ] [FileType: ZIP] [FileSize: 1091238] [AppProtocol: HTTP] [ParentFilename: ] [ParentHash: ] [URI: http://yasamkurusatis.com/wp-content/uploads/2019/09/files/INV39008.zip] [Sensor ID: 45] [Event ID: 1569440841:1:63870] [Device: ddcidp8350] [User: No Authentication Required] [Detection: ] [FileTimestamp: 0] [Description: Retrospective Event, Thu Sep 26 02:24:27 2019(UTC), Old Disp: Neutral, New Disp: Malware, Threat Name: W32.043030FA17-100.SBX.TG; ] [Direction: Download] [FilePolicy: SWRX_AMP-Block_File-Block_Policy] [Disposition: UNKNOWN] [RetroDisposition: UNKNOWN] [DstCountry: united states] [SslActualAction: Unknown] [Action: Malware Cloud Lookup] [HTTP Response: 0] 09/25/2019-19:47:22.000000 10.33.228.105:23798 -> 104.27.140.247:80 [O:SECURITY] | 1 | 1.1% | |
| Our event flow monitoring has detected a disruption in the flow of events from ddcidp82601-2.td.afg located at American Financial Group, Inc.. This system generated ticket indicates that SECURITY events have not been received from this device within defined limits. Status is DOWN; last SECURITY event received on Sat Aug 24 23:15:52 UTC 2019. If you would like to speak to a team member please call into the Security Operations Center at 877-838-7960 option #3 or update this ticket on the portal. | 1 | 1.1% | |
| (Missing) | 84 | 95.5% |
| Max length | 4332 |
|---|---|
| Mean length | 57.79545455 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
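The ticket above carries a Sourcefire AMP retrospective event: at transfer time the cloud lookup returned an UNKNOWN disposition and the zip was not blocked ("Action: Malware Cloud Lookup" in the event, "Action: Not Blocked" in the SOC summary), and the verdict was changed to Malware only afterwards ("Old Disp: Neutral, New Disp: Malware"). The following Python is an added example, not SecureWorks, Cisco or dataset-owner code. It parses the bracketed `[Key: Value]` event format into fields, pulls out the connection tuple and the disposition change, defangs the URI for ticketing, and flags the case where the file reached the host. The only input is the event line quoted above; the key names are read from that line and nothing else about the format is assumed.

```python
"""Parse one Sourcefire/Firepower AMP "Malware Event" line of the bracketed
[Key: Value] form quoted in the ticket text above, and decide whether it is a
retrospective conviction that needs endpoint follow-up.

Added example for this page; not SecureWorks, Cisco or dataset-owner code.
"""
import re
from typing import Any, Dict

# "[Key: Value]" pairs. Keys are letters and spaces ("Sensor ID", "HTTP
# Response"); values may be empty ("[FilePath: ]") but never contain "]".
# The bare "[***]" markers have no colon and are skipped.
_FIELD_RE = re.compile(r"\[([A-Za-z][A-Za-z ]*):\s?([^\]]*)\]")
# Trailing connection tuple: "MM/DD/YYYY-HH:MM:SS.ffffff src:sport -> dst:dport".
_CONN_RE = re.compile(
    r"(\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+->\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)
# Retrospective verdict change recorded inside the Description value.
_DISP_RE = re.compile(r"Old Disp:\s*(\w+),\s*New Disp:\s*(\w+)")
_SHA256_RE = re.compile(r"[0-9a-f]{64}")

# The event line from the ticket above, copied verbatim as sample input.
SAMPLE_EVENT = (
    "[***] Malware Event [Threat: W32.043030FA17-100.SBX.TG] [***] "
    "[Type: Threat Detected in Network File Transfer (Retrospective)] [Subtype: (0)] "
    "[Filename: INV39008.zip] "
    "[Hash: 043030fa171b46eac8c708482919f72e6cc77bf851ad900f7e0690d2ff15e855] "
    "[FilePath: ] [FileType: ZIP] [FileSize: 1091238] [AppProtocol: HTTP] "
    "[ParentFilename: ] [ParentHash: ] "
    "[URI: http://yasamkurusatis.com/wp-content/uploads/2019/09/files/INV39008.zip] "
    "[Sensor ID: 45] [Event ID: 1569440841:1:63870] [Device: ddcidp8350] "
    "[User: No Authentication Required] [Detection: ] [FileTimestamp: 0] "
    "[Description: Retrospective Event, Thu Sep 26 02:24:27 2019(UTC), Old Disp: Neutral, "
    "New Disp: Malware, Threat Name: W32.043030FA17-100.SBX.TG; ] [Direction: Download] "
    "[FilePolicy: SWRX_AMP-Block_File-Block_Policy] [Disposition: UNKNOWN] "
    "[RetroDisposition: UNKNOWN] [DstCountry: united states] [SslActualAction: Unknown] "
    "[Action: Malware Cloud Lookup] [HTTP Response: 0] "
    "09/25/2019-19:47:22.000000 10.33.228.105:23798 -> 104.27.140.247:80 [O:SECURITY]"
)


def defang(url: str) -> str:
    """Make a URL safe to paste into a ticket: hxxp scheme and bracketed dots,
    the same convention the SOC used in its Technical Details section."""
    return re.sub(r"^http", "hxxp", url).replace(".", "[.]")


def parse_amp_event(line: str) -> Dict[str, Any]:
    """Turn one event line into a dict of named fields plus derived values."""
    fields = {k.strip(): v.strip() for k, v in _FIELD_RE.findall(line)}
    event: Dict[str, Any] = {"fields": fields}
    conn = _CONN_RE.search(line)
    if conn:
        event.update(
            log_time=conn.group(1),
            src_ip=conn.group(2), src_port=int(conn.group(3)),
            dst_ip=conn.group(4), dst_port=int(conn.group(5)),
        )
    disp = _DISP_RE.search(fields.get("Description", ""))
    event["old_disposition"] = disp.group(1) if disp else None
    event["new_disposition"] = disp.group(2) if disp else None
    digest = fields.get("Hash", "").lower()
    event["sha256"] = digest if _SHA256_RE.fullmatch(digest) else None
    uri = fields.get("URI")
    event["uri_defanged"] = defang(uri) if uri else None
    return event


def is_retro_conviction(event: Dict[str, Any]) -> bool:
    """True when the cloud changed its verdict to Malware after the transfer."""
    return (event["new_disposition"] == "Malware"
            and event["old_disposition"] != "Malware")


def needs_host_triage(event: Dict[str, Any]) -> bool:
    """A retro conviction on a download that was only looked up, not blocked,
    means the file reached the client: treat the source host as possibly
    infected rather than closing the alert as 'blocked'."""
    f = event["fields"]
    delivered = f.get("Direction") == "Download" and "Block" not in f.get("Action", "")
    return delivered and is_retro_conviction(event)


if __name__ == "__main__":
    ev = parse_amp_event(SAMPLE_EVENT)
    print(ev["src_ip"], "->", ev["dst_ip"], ev["uri_defanged"])
    print("retro conviction:", is_retro_conviction(ev),
          "host triage:", needs_host_triage(ev))
```

A retro conviction that was never blocked should be reopened as a host investigation on the source IP rather than closed on the strength of the "Block_File" policy name; the SOC text reaches the same conclusion ("may have been infected").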
Dell_Secureworks_Event_Source
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 95.5% |
| Missing (n) | 84 |
| - | 2 |
|---|---|
| CTP_HEALTH | 1 |
| MPLE | 1 |
| (Missing) | 84 |
| Value | Count | Frequency (%) | |
| - | 2 | 2.3% | |
| CTP_HEALTH | 1 | 1.1% | |
| MPLE | 1 | 1.1% | |
| (Missing) | 84 | 95.5% |
| Max length | 10 |
|---|---|
| Mean length | 3.045454545 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | True |
Dell_Secureworks_Priority
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 95.5% |
| Missing (n) | 84 |
| - | 2 |
|---|---|
| MEDIUM | 1 |
| HIGH | 1 |
| (Missing) | 84 |
| Value | Count | Frequency (%) | |
| - | 2 | 2.3% | |
| MEDIUM | 1 | 1.1% | |
| HIGH | 1 | 1.1% | |
| (Missing) | 84 | 95.5% |
| Max length | 6 |
|---|---|
| Mean length | 3 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | True |
Dell_Secureworks_Sensor_Name
Categorical
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 98.9% |
| Missing (n) | 87 |
| ddcidp82601-2.td.afg-8053629 | 1 |
|---|---|
| (Missing) | 87 |
| Value | Count | Frequency (%) | |
| ddcidp82601-2.td.afg-8053629 | 1 | 1.1% | |
| (Missing) | 87 | 98.9% |
| Max length | 28 |
|---|---|
| Mean length | 3.284090909 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | True |
Dell_Secureworks_Subject
Categorical
| Distinct count | 6 |
|---|---|
| Unique (%) | 6.8% |
| Missing (%) | 93.2% |
| Missing (n) | 82 |
| - | 2 |
|---|---|
| Event flow disruption SECURITY | 1 |
| [External] Secureworks Ticket #IN33274226 | Event flow disruption SECURITY | ddcidp82601-2.td.afg-8053629 ; | American Financial Group, Inc. | 1 |
| Other values (2) | 2 |
| (Missing) | 82 |
| Value | Count | Frequency (%) | |
| - | 2 | 2.3% | |
| Event flow disruption SECURITY | 1 | 1.1% | |
| [External] Secureworks Ticket #IN33274226 | Event flow disruption SECURITY | ddcidp82601-2.td.afg-8053629 ; | American Financial Group, Inc. | 1 | 1.1% | |
| [External] (ANSOC) Secureworks Ticket #33681248 Unsuccessful Escalation | Sourcefire AMP: Threat Detected in Network File Transfer (Retrospective) - Host: 10.33.228.105 | ddcidp8350.td.afg-20247860 ; | 1 | 1.1% | |
| Sourcefire AMP: Threat Detected in Network File Transfer (Retrospective) - Host: 10.33.228.105 | 1 | 1.1% | |
| (Missing) | 82 | 93.2% |
| Max length | 199 |
|---|---|
| Mean length | 8.079545455 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Dell_Secureworks_Ticket#
Categorical
| Distinct count | 5 |
|---|---|
| Unique (%) | 5.7% |
| Missing (%) | 94.3% |
| Missing (n) | 83 |
| IN33274226 | 2 |
|---|---|
| 33714161 | 1 |
| IN33681248 | 1 |
| (Missing) | 83 |
| Value | Count | Frequency (%) | |
| IN33274226 | 2 | 2.3% | |
| 33714161 | 1 | 1.1% | |
| IN33681248 | 1 | 1.1% | |
| 33601560 | 1 | 1.1% | |
| (Missing) | 83 | 94.3% |
| Max length | 10 |
|---|---|
| Mean length | 3.352272727 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | False |
Dell_Secureworks_Ticket_Type
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 95.5% |
| Missing (n) | 84 |
| INCIDENT | 2 |
|---|---|
| - | 2 |
| (Missing) | 84 |
| Value | Count | Frequency (%) | |
| INCIDENT | 2 | 2.3% | |
| - | 2 | 2.3% | |
| (Missing) | 84 | 95.5% |
| Max length | 8 |
|---|---|
| Mean length | 3.068181818 |
| Min length | 1 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | True |
Department
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Description
Categorical
| Distinct count | 61 |
|---|---|
| Unique (%) | 69.3% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| <https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/ea42dbc6858dfc6982db4ff47588da4a81f275320600c8e8d830afd77782f078?linkOrigin=notif> | 9 |
|---|---|
| <https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/5c6b382a9219d52bb506a7bffbd019eb328687131df1dca97b02f3e81e107a73?linkOrigin=notif> | 3 |
| <https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/91687e44c9fd8b762fa056e1aef6da857cd12853edfa2503cfb899f6acacad7d?linkOrigin=notif> | 3 |
| Other values (58) | 73 |
| Value | Count | Frequency (%) | |
| <https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/ea42dbc6858dfc6982db4ff47588da4a81f275320600c8e8d830afd77782f078?linkOrigin=notif> | 9 | 10.2% | |
| <https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/5c6b382a9219d52bb506a7bffbd019eb328687131df1dca97b02f3e81e107a73?linkOrigin=notif> | 3 | 3.4% | |
| <https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/91687e44c9fd8b762fa056e1aef6da857cd12853edfa2503cfb899f6acacad7d?linkOrigin=notif> | 3 | 3.4% | |
| <https://threatinsight.proofpoint.com/44844d21-c174-dafd-8904-5beb0a767662/threat/email/c92aedb4ffebfabda75ebd0bccf17cd19efb58fd98bb6c3c99555e8d173a924d?linkOrigin=notif> | 3 | 3.4% | |
| <https://threatinsight.proofpoint.com/44844d21-c174-dafd-8904-5beb0a767662/threat/email/f25e6dd884808fd7f2cecebad61848f363593b126ac096513c6160a355593810?linkOrigin=notif> | 3 | 3.4% | |
| <https://threatinsight.proofpoint.com/44844d21-c174-dafd-8904-5beb0a767662/threat/email/444eec60dd88c4812ab1d8585c8512a38f3ec9dd8399d8a86ef4b29cc5d04f2b?linkOrigin=notif> | 3 | 3.4% | |
| Incident Response team, We have completed an investigation of a suspicious email. From: Multiple Reporters?: Originating IPs: SMTP Relays: Domains: URLs: Reporter: | 3 | 3.4% | |
| <https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/ae0cbe7bcb2d0f438dda83bbd23812ff1a71f43a300d41480e7ee3e9cbdf6522?linkOrigin=notif> | 2 | 2.3% | |
| <https://portal.secureworks.com/portal/incidents/IN33681248> | 2 | 2.3% | |
| <https://threatinsight.proofpoint.com/769da03a-b7d8-b16f-26e4-c14319bd3442/threat/email/88184145228f1448462227eaa4dd923bbb16feedd42d8ef921eac4ee506e4516?linkOrigin=notif> | 2 | 2.3% | |
| Other values (51) | 55 | 62.5% |
| Max length | 2670 |
|---|---|
| Mean length | 543.9772727 |
| Min length | 60 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Destination_IP
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Destination_Port
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
detection_interval
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
detection_time
Categorical
| Distinct count | 11 |
|---|---|
| Unique (%) | 12.5% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |
| 8/29/2019 23:14 | 1 |
|---|---|
| 9/25/2019 20:32 | 1 |
| 9/23/2019 17:58 | 1 |
| Other values (7) | 7 |
| (Missing) | 78 |
| Value | Count | Frequency (%) | |
| 8/29/2019 23:14 | 1 | 1.1% | |
| 9/25/2019 20:32 | 1 | 1.1% | |
| 9/23/2019 17:58 | 1 | 1.1% | |
| 9/18/2019 23:50 | 1 | 1.1% | |
| 9/14/2019 16:43 | 1 | 1.1% | |
| 9/25/2019 20:43 | 1 | 1.1% | |
| 9/17/2019 16:25 | 1 | 1.1% | |
| 9/28/2019 18:22 | 1 | 1.1% | |
| 9/13/2019 16:30 | 1 | 1.1% | |
| 9/25/2019 20:34 | 1 | 1.1% | |
| (Missing) | 78 | 88.6% |
| Max length | 15 |
|---|---|
| Mean length | 4.363636364 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Directionality
Categorical
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 28.4% |
| Missing (n) | 25 |
| Inbound | 63 |
|---|---|
| (Missing) | 25 |
| Value | Count | Frequency (%) | |
| Inbound | 63 | 71.6% | |
| (Missing) | 25 | 28.4% |
| Max length | 7 |
|---|---|
| Mean length | 5.863636364 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
domain
Categorical
| Distinct count | 5 |
|---|---|
| Unique (%) | 5.7% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |
| GA | 6 |
|---|---|
| AAG | 2 |
| SUMMIT | 1 |
| (Missing) | 78 |
| Value | Count | Frequency (%) | |
| GA | 6 | 6.8% | |
| AAG | 2 | 2.3% | |
| SUMMIT | 1 | 1.1% | |
| GAMCUSTOM | 1 | 1.1% | |
| (Missing) | 78 | 88.6% |
| Max length | 9 |
|---|---|
| Mean length | 3.034090909 |
| Min length | 2 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
Dropped
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| Unknown | 77 |
|---|---|
| No | 7 |
| Yes | 4 |
| Value | Count | Frequency (%) | |
| Unknown | 77 | 87.5% | |
| No | 7 | 8.0% | |
| Yes | 4 | 4.5% |
| Max length | 7 |
|---|---|
| Mean length | 6.420454545 |
| Min length | 2 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
Employee
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Employee_Involved
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
Employee_Involvement
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
Esclated_To_BU_IT
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Exposure_Resolved
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
Exposure_Type
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
file_path
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Breach_Circumstances
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Breach_Type
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Breach_Type_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Consequences
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Consequences_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Final_Assessment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Final_Assessment_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Identification
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Identification_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Personal_Data
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Personal_Data_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
GDPR_Subsequent_Notification
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
Guest_Network_Involvement
Constant
This variable is constant and should be ignored for analysis
| Constant value | No |
|---|
Harm_Foreseeable
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
Header_From
Categorical
| Distinct count | 5 |
|---|---|
| Unique (%) | 5.7% |
| Missing (%) | 47.7% |
| Missing (n) | 42 |
| — | 43 |
|---|---|
| Al <alkempf1901@aol.com> | 1 |
| =?utf-8?Q?Kristin_Erickson?= <kerickson@tonry.com> | 1 |
| (Missing) | 42 |
| Value | Count | Frequency (%) | |
| — | 43 | 48.9% | |
| Al <alkempf1901@aol.com> | 1 | 1.1% | |
| =?utf-8?Q?Kristin_Erickson?= <kerickson@tonry.com> | 1 | 1.1% | |
| Arne Sredl <hqfemileenl@outlook.com> | 1 | 1.1% | |
| (Missing) | 42 | 47.7% |
| Max length | 51 |
|---|---|
| Mean length | 3.693181818 |
| Min length | 2 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
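One of the Header_From values above is an RFC 2047 encoded-word (`=?utf-8?Q?...?=`); compared as a raw string it will never match a sender allow-list or a display-name rule, and the profiler counts it as a distinct value for the same reason. The following Python is an added example, not the dataset owner's code. It decodes the header with the standard library, splits display name from address, and applies a simple display-name/local-part consistency heuristic of the kind used in phishing triage. The sample headers are constructed; the heuristic is an assumption that produces false positives for nicknames and shared mailboxes, so it is a triage signal rather than a verdict.

```python
"""Decode the Header_From values profiled above and check the display name
against the address. One value is RFC 2047 encoded ("=?utf-8?Q?...?="), which
a raw string comparison in a profiler or a SIEM rule will not see through.

Added example for this page, not the dataset owner's code. The consistency
check is a triage heuristic with false positives (nicknames, shared mailboxes),
not a phishing verdict. Sample headers are constructed.
"""
import re
import unicodedata
from email.header import decode_header
from email.utils import parseaddr
from typing import Any, Dict, Optional


def decode_rfc2047(raw: str) -> str:
    """Decode every encoded-word in a header value; plain text is left as is."""
    out = []
    for piece, charset in decode_header(raw):
        if isinstance(piece, bytes):
            piece = piece.decode(charset or "ascii", errors="replace")
        out.append(piece)
    return "".join(out)


def _fold(text: str) -> str:
    """Lower-case, strip accents, keep ASCII letters only: 'María-J.' -> 'mariaj'."""
    nfkd = unicodedata.normalize("NFKD", text)
    return "".join(c for c in nfkd.lower() if c.isascii() and c.isalpha())


def name_matches_localpart(display: str, address: str) -> Optional[bool]:
    """None if either side is unusable; otherwise whether the local part looks
    derived from the display name (jdoe, john.doe, doej, johnd, ...)."""
    tokens = [_fold(t) for t in re.split(r"[\s.,_-]+", display) if _fold(t)]
    local = _fold(address.partition("@")[0])
    if not tokens or not local:
        return None
    first, last = tokens[0], tokens[-1]
    candidates = {first + last, last + first, first[0] + last, last + first[0],
                  first + last[0], first, last}
    return local in candidates or any(
        local.startswith(c) for c in candidates if len(c) >= 2)


def triage_from(raw: str) -> Dict[str, Any]:
    """Decode, split and score one From header value."""
    decoded = decode_rfc2047(raw)
    display, address = parseaddr(decoded)
    if "@" not in address:            # placeholders such as "—" carry no address
        address = ""
    return {
        "raw": raw,
        "encoded": "=?" in raw,
        "display": display,
        "address": address,
        "domain": address.partition("@")[2].lower(),
        "name_consistent": name_matches_localpart(display, address) if address else None,
    }


if __name__ == "__main__":
    # Constructed samples mirroring the shapes in the Header_From table.
    for hdr in ("=?utf-8?Q?Jane_Doe?= <jdoe@example.com>",
                "=?UTF-8?B?UGF0IExlZQ==?= <qwzxv8831@example.net>",
                "Al <alsmith1901@example.com>",
                "—"):
        print(triage_from(hdr))
```

Decode before you compare: a rule keyed on the raw `Header_From` string would treat the Q-encoded sender and its decoded form as two different people.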
Header_Reply_To
Categorical
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 47.7% |
| Missing (n) | 42 |
| — | 46 |
|---|---|
| (Missing) | 42 |
| Value | Count | Frequency (%) | |
| — | 46 | 52.3% | |
| (Missing) | 42 | 47.7% |
| Max length | 3 |
|---|---|
| Mean length | 2.477272727 |
| Min length | 2 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Host_Involved
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Host_Name
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Hours_worked
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
HX_Agent_ID
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
HX_Hostname
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
HX_IP
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
HX_UUID
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
HXname
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
ID
Numeric
| Distinct count | 88 |
|---|---|
| Unique (%) | 100.0% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| Infinite (%) | 0.0% |
| Infinite (n) | 0 |
| Mean | 7975.272727 |
|---|---|
| Minimum | 7862 |
| Maximum | 8075 |
| Zeros (%) | 0.0% |
Quantile statistics
| Minimum | 7862 |
|---|---|
| 5-th percentile | 7877.35 |
| Q1 | 7921.5 |
| Median | 7977.5 |
| Q3 | 8033.25 |
| 95-th percentile | 8062.65 |
| Maximum | 8075 |
| Range | 213 |
| Interquartile range | 111.75 |
Descriptive statistics
| Standard deviation | 63.4173781 |
|---|---|
| Coef of variation | 0.0079517504 |
| Kurtosis | -1.166047854 |
| Mean | 7975.272727 |
| MAD | 53.94834711 |
| Skewness | -0.1698550335 |
| Sum | 701824 |
| Variance | 4021.763845 |
| Memory size | 784.0 B |
| Value | Count | Frequency (%) | |
| 8052 | 1 | 1.1% | |
| 8062 | 1 | 1.1% | |
| 8042 | 1 | 1.1% | |
| 7977 | 1 | 1.1% | |
| 7978 | 1 | 1.1% | |
| 8033 | 1 | 1.1% | |
| 7980 | 1 | 1.1% | |
| 7982 | 1 | 1.1% | |
| 7984 | 1 | 1.1% | |
| 8036 | 1 | 1.1% | |
| Other values (78) | 78 | 88.6% |
Minimum 5 values
| Value | Count | Frequency (%) | |
| 7862 | 1 | 1.1% | |
| 7863 | 1 | 1.1% | |
| 7864 | 1 | 1.1% | |
| 7865 | 1 | 1.1% | |
| 7877 | 1 | 1.1% |
Maximum 5 values
| Value | Count | Frequency (%) | |
| 8075 | 1 | 1.1% | |
| 8074 | 1 | 1.1% | |
| 8069 | 1 | 1.1% | |
| 8064 | 1 | 1.1% | |
| 8063 | 1 | 1.1% |
Impact_Likely
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
Impacted_System
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Incident_Disposition
Boolean
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| Yes | 57 |
|---|---|
| No | 31 |
| Value | Count | Frequency (%) | |
| Yes | 57 | 64.8% | |
| No | 31 | 35.2% |
Incident_Type
Categorical
| Distinct count | 7 |
|---|---|
| Unique (%) | 8.0% |
| Missing (%) | 5.7% |
| Missing (n) | 5 |
| Phishing | 42 |
|---|---|
| Malware | 17 |
| Suspicious Host Activity | 17 |
| Other values (3) | 7 |
| Value | Count | Frequency (%) | |
| Phishing | 42 | 47.7% | |
| Malware | 17 | 19.3% | |
| Suspicious Host Activity | 17 | 19.3% | |
| Health Alert | 5 | 5.7% | |
| Not an Issue | 1 | 1.1% | |
| Suspicious Network Traffic | 1 | 1.1% | |
| (Missing) | 5 | 5.7% |
| Max length | 26 |
|---|---|
| Mean length | 11.09090909 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Individual_Name
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Is_vulnerable?
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
Item_Number
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Joe_Sandbox_Result
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Jurisdiction
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
last_detection_time
Categorical
| Distinct count | 11 |
|---|---|
| Unique (%) | 12.5% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |
| 8/29/2019 23:14 | 1 |
|---|---|
| 9/25/2019 20:32 | 1 |
| 9/23/2019 17:58 | 1 |
| Other values (7) | 7 |
| (Missing) | 78 |
| Value | Count | Frequency (%) | |
| 8/29/2019 23:14 | 1 | 1.1% | |
| 9/25/2019 20:32 | 1 | 1.1% | |
| 9/23/2019 17:58 | 1 | 1.1% | |
| 9/18/2019 23:50 | 1 | 1.1% | |
| 9/14/2019 16:43 | 1 | 1.1% | |
| 9/25/2019 20:43 | 1 | 1.1% | |
| 9/17/2019 16:25 | 1 | 1.1% | |
| 9/28/2019 18:22 | 1 | 1.1% | |
| 9/13/2019 16:30 | 1 | 1.1% | |
| 9/25/2019 20:34 | 1 | 1.1% | |
| (Missing) | 78 | 88.6% |
| Max length | 15 |
|---|---|
| Mean length | 4.363636364 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Last_Modified
Categorical
| Distinct count | 80 |
|---|---|
| Unique (%) | 90.9% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| 9/26/2019 11:04 | 3 |
|---|---|
| 9/3/2019 8:16 | 2 |
| 9/17/2019 11:08 | 2 |
| Other values (77) | 81 |
| Value | Count | Frequency (%) | |
| 9/26/2019 11:04 | 3 | 3.4% | |
| 9/3/2019 8:16 | 2 | 2.3% | |
| 9/17/2019 11:08 | 2 | 2.3% | |
| 9/20/2019 12:10 | 2 | 2.3% | |
| 9/17/2019 11:09 | 2 | 2.3% | |
| 9/26/2019 11:09 | 2 | 2.3% | |
| 9/25/2019 14:54 | 2 | 2.3% | |
| 9/12/2019 14:13 | 1 | 1.1% | |
| 9/23/2019 14:05 | 1 | 1.1% | |
| 9/24/2019 9:00 | 1 | 1.1% | |
| Other values (70) | 70 | 79.5% |
| Max length | 15 |
|---|---|
| Mean length | 14.5 |
| Min length | 13 |
| Contains chars | False |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Lawful_Data_Processing_Categories
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Location
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Machine_Compromised
Categorical
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 28.4% |
| Missing (n) | 25 |
| No | 63 |
|---|---|
| (Missing) | 25 |
| Value | Count | Frequency (%) | |
| No | 63 | 71.6% | |
| (Missing) | 25 | 28.4% |
| Max length | 3 |
|---|---|
| Mean length | 2.284090909 |
| Min length | 2 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
malware_file_path
Path
| Distinct count | 9 |
|---|---|
| Unique (%) | 10.2% |
| Missing (%) | 90.9% |
| Missing (n) | 80 |
| Common prefix | No common prefix |
| Value | Count | Frequency (%) | |
| C:\Windows\Temp\__temp_dcf\10\_~\USPSLabel.exe | 1 | 1.1% | |
| E:\Users\rgdouglas\Chrome Downloads\blue.php | 1 | 1.1% | |
| C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf->(pdf0000:) C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf | 1 | 1.1% | |
| C:\Users\ruizl\OneDrive - Netconic IT\Tech Stuff\Software\D7x\d7xFiles(StarterConfig)\d7x\3rd Party Tools\Nirsoft\wirelesskeyview-x64.exe | 1 | 1.1% | |
| C:\Users\aijones\AppData\Local\Microsoft\Windows\INetCache\Low\IE\P69U0LR9\REIMBURSEMENT%20LIST[1].pdf | 1 | 1.1% | |
| C:\Users\gbell\Downloads\This computer is BLOCKED.htm C:\Users\gbell\Downloads\This computer is BLOCKED.htm | 1 | 1.1% | |
| C:\Windows\Temp\__temp_dcf\8\_~\pspv.exe | 1 | 1.1% | |
| C:\Users\bbulls\AppData\Local\Temp\4f05.dll | 1 | 1.1% | |
| (Missing) | 80 | 90.9% |
| Stem | Count | Frequency (%) | |
| USPSLabel | 1 | 1.1% | |
| REIMBURSEMENT%20LIST[1] | 1 | 1.1% | |
| blue | 1 | 1.1% | |
| This computer is BLOCKED | 1 | 1.1% | |
| {ACD892FD-BD12-460C-B5E4-56F28EA26424} | 1 | 1.1% | |
| pspv | 1 | 1.1% | |
| 4f05 | 1 | 1.1% | |
| wirelesskeyview-x64 | 1 | 1.1% | |
| (Missing) | 80 | 90.9% |
| File name | Count | Frequency (%) | |
| pspv.exe | 1 | 1.1% | |
| This computer is BLOCKED.htm | 1 | 1.1% | |
| USPSLabel.exe | 1 | 1.1% | |
| {ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf | 1 | 1.1% | |
| 4f05.dll | 1 | 1.1% | |
| wirelesskeyview-x64.exe | 1 | 1.1% | |
| REIMBURSEMENT%20LIST[1].pdf | 1 | 1.1% | |
| blue.php | 1 | 1.1% | |
| (Missing) | 80 | 90.9% |
| Extension | Count | Frequency (%) | |
| .exe | 3 | 3.4% | |
| .dll | 1 | 1.1% | |
| .htm | 1 | 1.1% | |
|  | 1 | 1.1% | |
|  | 1 | 1.1% | |
| .php | 1 | 1.1% | |
| (Missing) | 80 | 90.9% |
| Parent directory | Count | Frequency (%) | |
| E:\Users\rgdouglas\Chrome Downloads | 1 | 1.1% | |
| C:\Users\aijones\AppData\Local\Microsoft\Windows\INetCache\Low\IE\P69U0LR9 | 1 | 1.1% | |
| C:\Users\bbulls\AppData\Local\Temp | 1 | 1.1% | |
| C:\Users\ruizl\OneDrive - Netconic IT\Tech Stuff\Software\D7x\d7xFiles(StarterConfig)\d7x\3rd Party Tools\Nirsoft | 1 | 1.1% | |
| C:\Users\gbell\Downloads\This computer is BLOCKED.htm C:\Users\gbell\Downloads | 1 | 1.1% | |
| C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf C:\Users\adeitz\Downloads\{ACD892FD-BD12-460C-B5E4-56F28EA26424}.pdf->(pdf0000:) C:\Users\adeitz\Downloads | 1 | 1.1% | |
| C:\Windows\Temp\__temp_dcf\8\_~ | 1 | 1.1% | |
| C:\Windows\Temp\__temp_dcf\10\_~ | 1 | 1.1% | |
| (Missing) | 80 | 90.9% |
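The tables above decompose malware_file_path into stem, file name, extension and parent directory, and two of the values show why that is not a one-line split: the field can contain the same Windows path repeated, or a path followed by its container member in the `->(pdf0000:)` notation, and the file names themselves contain spaces. The following Python is an added example (not the profiler's or the dataset owner's code) that splits such a field on drive-letter boundaries rather than on whitespace, strips the container suffix, de-duplicates, and adds two triage hints: the user profile the path sits under and whether it lies in a temp, download or browser-cache directory. The sample values are constructed to mirror the shapes in the table; the directory list behind the hint is an assumption, not something the page defines.

```python
"""Normalise the malware_file_path values profiled above. The raw field can hold
several Windows paths run together with spaces (the same path repeated, or a
path followed by its container member in the "->(pdf0000:)" notation), and
file names themselves contain spaces, so splitting on whitespace is wrong.

Added example for this page, not the dataset owner's or profiler's code;
sample values are constructed to mirror the shapes in the tables above.
"""
import ntpath
import re
from typing import Any, Dict, List

# A new path begins where whitespace is followed by a drive letter and ":\".
_PATH_BOUNDARY = re.compile(r"\s+(?=[A-Za-z]:\\)")
# Container member suffix, e.g. "...\report.pdf->(pdf0000:)".
_CONTAINER = re.compile(r"^(.*?)->\((.*)\)$")
_USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)
# Directories where user-fetched or dropped payloads typically land (assumed list).
_VOLATILE_DIRS = ("\\temp\\", "\\downloads\\", "\\inetcache\\")


def split_paths(value: str) -> List[str]:
    """Split a field holding one or more Windows paths run together."""
    return [p for p in _PATH_BOUNDARY.split(value.strip()) if p]


def decompose(path: str) -> Dict[str, Any]:
    """Break one path into the pieces the profiler reports, plus triage hints."""
    member = None
    m = _CONTAINER.match(path)
    if m:
        path, member = m.group(1), m.group(2)
    directory, name = ntpath.split(path)      # ntpath handles "\" on any OS
    stem, ext = ntpath.splitext(name)
    user = _USER_PROFILE.match(path)
    return {
        "path": path,
        "directory": directory,
        "name": name,
        "stem": stem,
        "extension": ext.lower(),
        "container_member": member,
        "user": user.group(1) if user else None,
        "volatile_location": any(
            d in (directory + "\\").lower() for d in _VOLATILE_DIRS),
    }


def normalize_field(value: str) -> List[Dict[str, Any]]:
    """One record per distinct path; a container member seen on a repeat of an
    already-seen path is merged into the first record."""
    records: Dict[str, Dict[str, Any]] = {}
    for raw in split_paths(value):
        rec = decompose(raw)
        key = rec["path"].lower()
        if key not in records:
            records[key] = rec
        elif rec["container_member"] and not records[key]["container_member"]:
            records[key]["container_member"] = rec["container_member"]
    return list(records.values())


if __name__ == "__main__":
    # Constructed sample with the repeat-plus-container shape from the table.
    sample = (r"C:\Users\alice\Downloads\invoice.pdf "
              r"C:\Users\alice\Downloads\invoice.pdf->(pdf0000:) "
              r"C:\Users\alice\Downloads\invoice.pdf")
    for rec in normalize_field(sample):
        print(rec)
```

Keying the de-duplication on the path without its container suffix is what turns the three-token value in the table into one file record with one member name, which is what a per-file count in the profile should reflect.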
malware_name
Categorical
| Distinct count | 11 |
|---|---|
| Unique (%) | 12.5% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |
| Trojan:HTML/FakeAlert.B | 1 |
|---|---|
| Trojan:HTML/FakeAlert.AA | 1 |
| Exploit:PDF/Ticanoti.A | 1 |
| Other values (7) | 7 |
| (Missing) | 78 |
| Value | Count | Frequency (%) | |
| Trojan:HTML/FakeAlert.B | 1 | 1.1% | |
| Trojan:HTML/FakeAlert.AA | 1 | 1.1% | |
| Exploit:PDF/Ticanoti.A | 1 | 1.1% | |
| TrojanDownloader:Win32/Kuluoz.C | 1 | 1.1% | |
| Trojan:Win32/Swrort.A | 1 | 1.1% | |
| HackTool:Win32/Passview | 1 | 1.1% | |
| Behavior:Win32/Meterpreter.gen!A | 1 | 1.1% | |
| Trojan:PDF/Sonbokli.A!cl | 1 | 1.1% | |
| HackTool:Win32/WirKey | 1 | 1.1% | |
| Behavior:Win32/Atosev.gen!A | 1 | 1.1% | |
| (Missing) | 78 | 88.6% |
| Max length | 32 |
|---|---|
| Mean length | 5.477272727 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | True |
Members
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Message_ID
Categorical
| Distinct count | 7 |
|---|---|
| Unique (%) | 8.0% |
| Missing (%) | 93.2% |
| Missing (n) | 82 |
| BN7PR04MB42433B021DC1441D8C70E365CC890@BN7PR04MB4243.namprd04.prod.outlook.com | 1 |
|---|---|
| 0BE47024-9D7E-475D-8107-E31F2E1D02D6@bitesizelearning.co.uk | 1 |
| 44D44C53-A92C-446C-8CEA-C42322A139F1@aol.com | 1 |
| Other values (3) | 3 |
| (Missing) | 82 |
| Value | Count | Frequency (%) | |
| BN7PR04MB42433B021DC1441D8C70E365CC890@BN7PR04MB4243.namprd04.prod.outlook.com | 1 | 1.1% | |
| 0BE47024-9D7E-475D-8107-E31F2E1D02D6@bitesizelearning.co.uk | 1 | 1.1% | |
| 44D44C53-A92C-446C-8CEA-C42322A139F1@aol.com | 1 | 1.1% | |
| VI1P189MB0304D6D2D4B1EC058FB786A98BB70@VI1P189MB0304.EURP189.PROD.OUTLOOK.COM | 1 | 1.1% | |
| zarafa.5d8396f7.586c.35756e935c983ecc@mail.tonry.com | 1 | 1.1% | |
| FR1PR80MB0181F557910BF88584102095ACB50@FR1PR80MB0181.lamprd80.prod.outlook.com | 1 | 1.1% | |
| (Missing) | 82 | 93.2% |
| Max length | 78 |
|---|---|
| Mean length | 7.204545455 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | True |
Message_Size
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |
| 299 KB | 1 |
|---|---|
| 95 KB | 1 |
| 84 KB | 1 |
| (Missing) | 85 |
| Value | Count | Frequency (%) | |
| 299 KB | 1 | 1.1% | |
| 95 KB | 1 | 1.1% | |
| 84 KB | 1 | 1.1% | |
| (Missing) | 85 | 96.6% |
| Max length | 6 |
|---|---|
| Mean length | 3.079545455 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Month
Categorical
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| September | 84 |
|---|---|
| August | 4 |
| Value | Count | Frequency (%) | |
| September | 84 | 95.5% | |
| August | 4 | 4.5% |
| Max length | 9 |
|---|---|
| Mean length | 8.863636364 |
| Min length | 6 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
Morphick_Ticket#
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 97.7% |
| Missing (n) | 86 |
| CS0015754 | 1 |
|---|---|
| CS0015758 | 1 |
| (Missing) | 86 |
| Value | Count | Frequency (%) | |
| CS0015754 | 1 | 1.1% | |
| CS0015758 | 1 | 1.1% | |
| (Missing) | 86 | 97.7% |
| Max length | 9 |
|---|---|
| Mean length | 3.136363636 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | False |
Morphick_Update
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Name
Categorical
| Distinct count | 52 |
|---|---|
| Unique (%) | 59.1% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| [Proofpoint Link] — [Crop Division] | 11 |
|---|---|
| [Proofpoint Link] — [National Interstate Ins] | 9 |
| [Proofpoint Link] — [Strategic Comp] | 7 |
| Other values (49) | 61 |
| Value | Count | Frequency (%) | |
| [Proofpoint Link] — [Crop Division] | 11 | 12.5% | |
| [Proofpoint Link] — [National Interstate Ins] | 9 | 10.2% | |
| [Proofpoint Link] — [Strategic Comp] | 7 | 8.0% | |
| Configuration Manager Malware Detected Alert: Malware detection alert for collection: Endpoint Protection - Strategic Compensation Servers | 4 | 4.5% | |
| [Proofpoint Link] — [Mid-Continent Group] | 3 | 3.4% | |
| Kaspersky Security Center 10 Administration Server Report [National Interstate Ins] | 2 | 2.3% | |
| [Proofpoint Link] — [Summit] | 2 | 2.3% | |
| Configuration Manager Malware Detected Alert: Malware detection alert for collection: Endpoint Protection - Annuity Servers [Annuity Information Tech] | 2 | 2.3% | |
| [Proofpoint Link] — [Financial Institution Ser] | 2 | 2.3% | |
| [Proofpoint Link] — [Bond Division] | 2 | 2.3% | |
| Other values (42) | 44 | 50.0% |
| Max length | 216 |
|---|---|
| Mean length | 74.28409091 |
| Min length | 19 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Negative_PR
Constant
This variable is constant and should be ignored for analysis
| Constant value | Unknown |
|---|
Next_Due_Date
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
NIST_Attack_Vectors
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
number_of_infections
Boolean
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |
| 1 | 10 |
|---|---|
| (Missing) | 78 |
| Value | Count | Frequency (%) | |
| 1 | 10 | 11.4% | |
| (Missing) | 78 | 88.6% |
Organization
Constant
This variable is constant and should be ignored for analysis
| Constant value | GAIG |
|---|
Other_Alert_Source
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
other_path
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Outbound_Threat_Type
Categorical
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 28.4% |
| Missing (n) | 25 |
| Malware | 63 |
|---|---|
| (Missing) | 25 |
| Value | Count | Frequency (%) | |
| Malware | 63 | 71.6% | |
| (Missing) | 25 | 28.4% |
| Max length | 7 |
|---|---|
| Mean length | 5.863636364 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
Owner
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| Value | Count | Frequency (%) | |
| Paul Karklins (pkarklins@gaig.com) | 49 | 55.7% | |
| Gene Kazimiarovich (gkazimiarovich@gaig.com) | 21 | 23.9% | |
| Nik Whitis (nwhitis@gaig.com) | 17 | 19.3% | |
| Elliot Rhodes (erhodes@gaig.com) | 1 | 1.1% |
| Max length | 44 |
|---|---|
| Mean length | 35.39772727 |
| Min length | 29 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Personal_Email
Constant
This variable is constant and should be ignored for analysis
| Constant value | No |
|---|
Phase
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| Value | Count | Frequency (%) | |
| Engage | 48 | 54.5% | |
| Respond | 37 | 42.0% | |
| Detect/Analyze | 3 | 3.4% |
| Max length | 14 |
|---|---|
| Mean length | 6.693181818 |
| Min length | 6 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | True |
PIPEDA_Other_Factors
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
PIPEDA_Other_Factors_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
PIPEDA_Overall_Assessment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
PIPEDA_Overall_Assessment_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
PIPEDA_Probability_of_Misuse
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
PIPEDA_Probability_of_Misuse_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
PIPEDA_Sensitivity_of_PI
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
PIPEDA_Sensitivity_of_PI_Comment
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Protocol
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Recipient
Categorical
| Distinct count | 39 |
|---|---|
| Unique (%) | 44.3% |
| Missing (%) | 43.2% |
| Missing (n) | 38 |
| Value | Count | Frequency (%) | |
| PhishingNotice@gaig.com | 4 | 4.5% | |
| servicioalcliente@gaig.com | 3 | 3.4% | |
| stephanie.ruggles@natl.com | 3 | 3.4% | |
| rbabb@strategiccomp.com | 3 | 3.4% | |
| tisaackson@gaig.com | 2 | 2.3% | |
| celias@gaic.com | 2 | 2.3% | |
| akimble@gaig.com | 2 | 2.3% | |
| andrea.medina@natl.com | 1 | 1.1% | |
| dmcquay@mcg-ins.com | 1 | 1.1% | |
| mcmiller2@gaig.com | 1 | 1.1% | |
| Other values (28) | 28 | 31.8% | |
| (Missing) | 38 | 43.2% |
| Max length | 32 |
|---|---|
| Mean length | 13.72727273 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
ref_number
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 97.7% |
| Missing (n) | 86 |
| Value | Count | Frequency (%) | |
| MSG0144748 | 1 | 1.1% | |
| MSG0143917 | 1 | 1.1% | |
| (Missing) | 86 | 97.7% |
| Max length | 10 |
|---|---|
| Mean length | 3.159090909 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | False |
remediation_action
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 88.6% |
| Missing (n) | 78 |
| Value | Count | Frequency (%) | |
| NoAction | 5 | 5.7% | |
| Quarantine | 4 | 4.5% | |
| Remove | 1 | 1.1% | |
| (Missing) | 78 | 88.6% |
| Max length | 10 |
|---|---|
| Mean length | 3.636363636 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | False |
| Contains non-words | False |
Remidiation_Source
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Reporting_Individual
Categorical
| Distinct count | 7 |
|---|---|
| Unique (%) | 8.0% |
| Missing (%) | 20.5% |
| Missing (n) | 18 |
| Value | Count | Frequency (%) | |
| tap-notifications@proofpoint.com | 46 | 52.3% | |
| SCCM_2012_Alert@gaic.com | 10 | 11.4% | |
| service@secureworks.com | 6 | 6.8% | |
| PhishingNotice@gaig.com | 4 | 4.5% | |
| cases@mts.bah.com | 2 | 2.3% | |
| kaspersky@natl.com | 2 | 2.3% | |
| (Missing) | 18 | 20.5% |
| Max length | 32 |
|---|---|
| Mean length | 23.47727273 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | True |
Resolution
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| Value | Count | Frequency (%) | |
| Resolved | 64 | 72.7% | |
| Not an Issue | 16 | 18.2% | |
| Duplicate | 8 | 9.1% |
| Max length | 12 |
|---|---|
| Mean length | 8.818181818 |
| Min length | 8 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
Resolution_Summary
Categorical
| Distinct count | 67 |
|---|---|
| Unique (%) | 76.1% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| Value | Count | Frequency (%) | |
| The alert is marked as False positive by Proofpoint on rebrand.ly domain. | 8 | 9.1% | |
| Investigated by Interns. Determined that no further remediation actions were needed. | 4 | 4.5% | |
| User clicked phishing link, password reset requested. | 4 | 4.5% | |
| Malware turned out to be a Qbot variant that scep partially contained. The server was quarantined with Fireeye and is going to be re-built. | 3 | 3.4% | |
| The true site behind the office doc appears to have been taken down. however, there is resolution of that domain on the day the email was delivered. I notified the employee that they should reset their password immediately to prevent account misuse. | 3 | 3.4% | |
| The domain serving the malware has now been blocked. The citrix server that was infected has been contained and slated to be re-built or decommissioned. Barbara's account credentials, as well as any admin account that touched the server afterward have been changed. The infection was a Qbot variant downloaded via a phishing email to a single user. SCEP was unable to contain it entirely. Fireeye was installed on the box and it was quarantined to prevent further spread. Forensics were unable to be gather since the server had 96GB of RAM and we were not able to process that much data with fireeye. | 2 | 2.3% | |
| User clicked phishing link, requested password change. | 2 | 2.3% | |
| URL with 3x clicks form the user. URL leads to blank page. Two hits found in proxy logs, both allowed by proxy. No action deemed necessary at this point. | 2 | 2.3% | |
| This was a false positive for phishing. | 2 | 2.3% | |
| Email removed from users inbox in an unread state. | 1 | 1.1% | |
| Other values (57) | 57 | 64.8% |
| Max length | 602 |
|---|---|
| Mean length | 116.0454545 |
| Min length | 32 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Risk_of_Harm
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Sender
Categorical
| Distinct count | 8 |
|---|---|
| Unique (%) | 9.1% |
| Missing (%) | 47.7% |
| Missing (n) | 42 |
| Value | Count | Frequency (%) | |
| — | 40 | 45.5% | |
| kerickson@tonry.com | 1 | 1.1% | |
| avazquez@b-safe.es | 1 | 1.1% | |
| 0c54789eb9490a211d03ed0bbccd6691@outlook.com | 1 | 1.1% | |
| maria@Illinoiscompensation.com | 1 | 1.1% | |
| alkempf1901@aol.com | 1 | 1.1% | |
| rob@bitesizelearning.co.uk | 1 | 1.1% | |
| (Missing) | 42 | 47.7% |
| Max length | 46 |
|---|---|
| Mean length | 4.704545455 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Sender_IP
Categorical
| Distinct count | 8 |
|---|---|
| Unique (%) | 9.1% |
| Missing (%) | 47.7% |
| Missing (n) | 42 |
| Value | Count | Frequency (%) | |
| — | 40 | 45.5% | |
| 40.107.71.136 | 1 | 1.1% | |
| 162.212.106.10 | 1 | 1.1% | |
| 40.107.5.103 | 1 | 1.1% | |
| 40.92.9.41 | 1 | 1.1% | |
| 40.107.7.95 | 1 | 1.1% | |
| 69.252.207.33 | 1 | 1.1% | |
| (Missing) | 42 | 47.7% |
| Max length | 15 |
|---|---|
| Mean length | 3.238636364 |
| Min length | 2 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Sensor_Name
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Service_Now_Ticket#
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Severity
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 0.0% |
| Missing (n) | 0 |
| Value | Count | Frequency (%) | |
| 4 - Low | 37 | 42.0% | |
| 5 - Informational | 26 | 29.5% | |
| 3 - Moderate | 22 | 25.0% | |
| 2 - High | 3 | 3.4% |
| Max length | 17 |
|---|---|
| Mean length | 11.23863636 |
| Min length | 7 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Simulation
Constant
This variable is constant and should be ignored for analysis
| Constant value | No |
|---|
Source_IP
Categorical
| Distinct count | 8 |
|---|---|
| Unique (%) | 9.1% |
| Missing (%) | 51.1% |
| Missing (n) | 45 |
| Value | Count | Frequency (%) | |
| 208.65.192.1 | 25 | 28.4% | |
| 70.62.202.3 | 9 | 10.2% | |
| 5.148.5.181 | 3 | 3.4% | |
| 174.225.141.50 | 3 | 3.4% | |
| 63.153.217.10 | 1 | 1.1% | |
| 165.225.81.0 | 1 | 1.1% | |
| 174.198.15.73 | 1 | 1.1% | |
| (Missing) | 45 | 51.1% |
| Max length | 16 |
|---|---|
| Mean length | 8.329545455 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Source_of_Data
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Source_Port
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
State
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Status
Constant
This variable is constant and should be ignored for analysis
| Constant value | Closed |
|---|
Subject
Categorical
| Distinct count | 5 |
|---|---|
| Unique (%) | 5.7% |
| Missing (%) | 47.7% |
| Missing (n) | 42 |
| Value | Count | Frequency (%) | |
| — | 43 | 48.9% | |
| mbova : Iceland54 | 1 | 1.1% | |
| FW: [UNCHECKED]Re: Great American New England - New Hire Announcement - David Watson | 1 | 1.1% | |
| Fwd: Great American Insurance Contractors Equipment Policy # IMP 422 96 60 | 1 | 1.1% | |
| (Missing) | 42 | 47.7% |
| Max length | 86 |
|---|---|
| Mean length | 4.954545455 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
Threat_Type
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Time_Spent_in_BU_IT
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Timestamp
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
triage_status
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
URL
URL
| Distinct count | 22 |
|---|---|
| Unique (%) | 25.0% |
| Missing (%) | 51.1% |
| Missing (n) | 45 |
| Full URL | Count | Frequency (%) | |
| hxxp://rebrand[.]ly/ran8j8 | 9 | 10.2% | |
| hxxps://restaurantdepot[.]us14[.]list-manage[.]com/track/click?u=d83d72f34162a726db96d6e0c&id=9a6cd947ca&e=fba78257a3 | 3 | 3.4% | |
| hxxps://onedrive[.]live[.]com/?authkey=%21AOKAQng6LQUJfG0&cid=F7FA60E0E129FAB4&id=F7FA60E0E129FAB4%21105&parId=root&o=OneUp | 3 | 3.4% | |
| hxxps://southernmail-my[.]sharepoint[.]com/:o:/p/jof/EmWRKFQIS7xIsGllqtwxjMMB4S6FcwkKrrtqtf0IQ63Wqg?e=cCLBoo | 3 | 3.4% | |
| hxxps://file[.]ac/21euCO1oZvA73vycE36T8w/ | 3 | 3.4% | |
| hxxp://forms[.]office[.]com/Pages/ResponsePage[.]aspx?id=zK5pqQMB30CbcUSvo1ld7vQ7s6MVPHpDqlAd7wMjKYRUQUdYM1JZNUEyNzExVlMwWEhCNFBQUUs2Sy4u | 3 | 3.4% | |
| hxxps://gvtyos-my[.]sharepoint[.]com/:o:/g/personal/guy_garrott_gvty_com/EqtZwDEn-mhKqXhZWMGYaqYBQQkjE-QTzkCdJvusL9NwNw?e=s73FCX | 2 | 2.3% | |
| hxxps://tpins1[.]box[.]com/s/9m5m7mu6ywyvtu0lv3s7737v99skaoc5 | 2 | 2.3% | |
| hxxps://middleboro-my[.]sharepoint[.]com:443/:b:/g/personal/ssangeleer_middleboro_k12_ma_us/Eeh60AoSGwBIpCicz415CuQB9DK_Iroj3VuOLisyy5p9cQ?e=4%3aTiw7KR&at=9 | 2 | 2.3% | |
| hxxps://1drive[.]godaddysites[.]com/ | 2 | 2.3% | |
| Other values (11) | 11 | 12.5% | |
| (Missing) | 45 | 51.1% |
| Scheme | Count | Frequency (%) | |
| hxxps | 30 | 34.1% | |
| hxxp | 13 | 14.8% | |
| (Missing) | 45 | 51.1% |
| Netloc | Count | Frequency (%) | |
| rebrand[.]ly | 9 | 10.2% | |
| forms[.]office[.]com | 3 | 3.4% | |
| southernmail-my[.]sharepoint[.]com | 3 | 3.4% | |
| restaurantdepot[.]us14[.]list-manage[.]com | 3 | 3.4% | |
| onedrive[.]live[.]com | 3 | 3.4% | |
| file[.]ac | 3 | 3.4% | |
| 1drive[.]godaddysites[.]com | 2 | 2.3% | |
| u345601[.]ct[.]sendgrid[.]net | 2 | 2.3% | |
| gvtyos-my[.]sharepoint[.]com | 2 | 2.3% | |
| tpins1[.]box[.]com | 2 | 2.3% | |
| Other values (10) | 11 | 12.5% | |
| (Missing) | 45 | 51.1% |
| Path | Count | Frequency (%) | |
| /ran8j8 | 9 | 10.2% | |
| / | 3 | 3.4% | |
| /:o:/p/jof/EmWRKFQIS7xIsGllqtwxjMMB4S6FcwkKrrtqtf0IQ63Wqg | 3 | 3.4% | |
| /21euCO1oZvA73vycE36T8w/ | 3 | 3.4% | |
| /Pages/ResponsePage[.]aspx | 3 | 3.4% | |
| /track/click | 3 | 3.4% | |
| /wf/click | 2 | 2.3% | |
| /:o:/g/personal/guy_garrott_gvty_com/EqtZwDEn-mhKqXhZWMGYaqYBQQkjE-QTzkCdJvusL9NwNw | 2 | 2.3% | |
| / | 2 | 2.3% | |
| /:b:/g/personal/ssangeleer_middleboro_k12_ma_us/Eeh60AoSGwBIpCicz415CuQB9DK_Iroj3VuOLisyy5p9cQ | 2 | 2.3% | |
| Other values (10) | 11 | 12.5% | |
| (Missing) | 45 | 51.1% |
| Query | Count | Frequency (%) | |
| (empty) | 20 | 22.7% | |
| id=zK5pqQMB30CbcUSvo1ld7vQ7s6MVPHpDqlAd7wMjKYRUQUdYM1JZNUEyNzExVlMwWEhCNFBQUUs2Sy4u | 3 | 3.4% | |
| authkey=%21AOKAQng6LQUJfG0&cid=F7FA60E0E129FAB4&id=F7FA60E0E129FAB4%21105&parId=root&o=OneUp | 3 | 3.4% | |
| e=cCLBoo | 3 | 3.4% | |
| u=d83d72f34162a726db96d6e0c&id=9a6cd947ca&e=fba78257a3 | 3 | 3.4% | |
| e=s73FCX | 2 | 2.3% | |
| e=4%3aTiw7KR&at=9 | 2 | 2.3% | |
| usU23_=mcmiller2@gaig[.]com | 1 | 1.1% | |
| upn=pr3T05H2oeVXfnSU4lR0WGW8yj7GUddvike-2BCXtm713I8kqFzPGynwRHnnOlbtkX2tnN0NGRIV412nEOpieygElzwhiTWl7EizXg7Jbhvbs-3D_8Q3ambCFfbHSiGDC4N-2FFPiMqzWSYK-2B3vVnA5T3XgpubN-2FYGsM-2BQgzdeMknQlqd3k68n7ahVcTJN0vcTU6PYlTWVpYsH5Z3vki6LD859-2FQxOv8P0RLE6rIVdN4qMuN9EpyLPpH2WywPFRR01v9gRLOkD-2BqlrxNieOy5bssRrQhOxdbrKlp-2BybMiFqKZR5N2bAWspBN2-2BX-2FCTAus4F3p9FSQ-3D-3D | 1 | 1.1% | |
| ticket=93640bhrrqwv7xn05605&calldate=20190904&Q_S1=01 | 1 | 1.1% | |
| Other values (4) | 4 | 4.5% | |
| (Missing) | 45 | 51.1% |
| Fragment | Count | Frequency (%) | |
| (empty) | 43 | 48.9% | |
| (Missing) | 45 | 51.1% |
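The URL column stores its indicators defanged (hxxp, hxxps, "[.]" for dots) and the tables above break each value into scheme, netloc, path, query and fragment. The block below is an added example, not code from the report or from the profiling tool that produced it: it refangs such values so they parse, tabulates the same five components (dropping the port so host:443 and host count as one host, and skipping missing cells), and defangs the hosts again for a blocklist. The sample URLs and host names are constructed placeholders, not values from the column.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the same defanged style as the URL column
# (hxxp/hxxps scheme, "[.]" in place of dots). Hosts are placeholders.
SAMPLE_URLS = [
    "hxxp://short[.]example/abc123",
    "hxxp://short[.]example/abc123",
    "hxxps://tenant-my[.]sharepoint[.]example:443/:b:/g/personal/user/doc?e=abc&at=9",
    "hxxps://files[.]example/track/click?u=1&id=2#top",
    "hxxps://files[.]example/",
    None,  # a missing cell, like the (Missing) rows
]

COMPONENTS = ("scheme", "netloc", "path", "query", "fragment")
_DEFANGED_DOT = re.compile(r"\[\.\]|\(\.\)|\{\.\}")        # [.]  (.)  {.}
_DEFANGED_SCHEME = re.compile(r"^hxxp(s?)://", re.IGNORECASE)


def refang(url: str) -> str:
    """Turn a defanged indicator back into a parseable URL."""
    s = _DEFANGED_DOT.sub(".", url.strip())
    return _DEFANGED_SCHEME.sub(lambda m: "http" + m.group(1).lower() + "://", s)


def defang(url: str) -> str:
    """Inverse of refang, for pasting indicators into tickets without live links."""
    s = re.sub(r"^http(s?)://", r"hxxp\1://", url, flags=re.IGNORECASE)
    return s.replace(".", "[.]")


def split_components(url: str) -> dict:
    """Refang and split into the components the profile tabulates.
    The port is dropped from netloc so host:443 and host are the same host."""
    p = urlsplit(refang(url))
    return {
        "scheme": p.scheme.lower(),
        "netloc": (p.hostname or "").lower(),
        "path": p.path,
        "query": p.query,
        "fragment": p.fragment,
    }


def tally(urls) -> dict:
    """One Counter per component; missing cells are skipped, not counted as a value."""
    counters = {c: Counter() for c in COMPONENTS}
    for u in urls:
        if not isinstance(u, str) or not u.strip():
            continue
        for c, v in split_components(u).items():
            counters[c][v] += 1
    return counters


def blocklist_hosts(urls) -> list:
    """Distinct hosts, defanged again, most frequent first."""
    return [defang(h) for h, _ in tally(urls)["netloc"].most_common()]


if __name__ == "__main__":
    for component, counter in tally(SAMPLE_URLS).items():
        print(component, counter.most_common(3))
    print(blocklist_hosts(SAMPLE_URLS))
```

Parsing happens only on the refanged string; everything that leaves the script goes back through defang, so a copy of the output into a ticket or chat never becomes a clickable link.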
URL_Blocked
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
url_path
URL
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 97.7% |
| Missing (n) | 86 |
| Full URL | Count | Frequency (%) | |
| http://documents.dps.ny.gov/public/Common/ViewDoc.aspx?DocRefId=%7BACD892FD-BD12-460C-B5E4-56F28EA26424%7D | 1 | 1.1% | |
| http://ventriculus.gq/story/index.php | 1 | 1.1% | |
| (Missing) | 86 | 97.7% |
| Scheme | Count | Frequency (%) | |
| http | 2 | 2.3% | |
| (Missing) | 86 | 97.7% |
| Netloc | Count | Frequency (%) | |
| ventriculus.gq | 1 | 1.1% | |
| documents.dps.ny.gov | 1 | 1.1% | |
| (Missing) | 86 | 97.7% |
| Path | Count | Frequency (%) | |
| /story/index.php | 1 | 1.1% | |
| /public/Common/ViewDoc.aspx | 1 | 1.1% | |
| (Missing) | 86 | 97.7% |
| Query | Count | Frequency (%) | |
| DocRefId=%7BACD892FD-BD12-460C-B5E4-56F28EA26424%7D | 1 | 1.1% | |
| (empty) | 1 | 1.1% | |
| (Missing) | 86 | 97.7% |
| Fragment | Count | Frequency (%) | |
| (empty) | 2 | 2.3% | |
| (Missing) | 86 | 97.7% |
User_Agent
Categorical
| Distinct count | 11 |
|---|---|
| Unique (%) | 12.5% |
| Missing (%) | 51.1% |
| Missing (n) | 45 |
| Value | Count | Frequency (%) | |
| Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | 16 | 18.2% | |
| Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko | 5 | 5.7% | |
| Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 | 4 | 4.5% | |
| Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko | 4 | 4.5% | |
| Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Mobile/15E148 Safari/604.1 | 3 | 3.4% | |
| Mozilla/5.0 (iPhone; CPU iPhone OS 12_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1 | 3 | 3.4% | |
| Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36 | 3 | 3.4% | |
| Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 | 2 | 2.3% | |
| Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36 | 2 | 2.3% | |
| Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299 | 1 | 1.1% | |
| (Missing) | 45 | 51.1% |
| Max length | 141 |
|---|---|
| Mean length | 47.76136364 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
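The User_Agent column above is dominated by IE11 strings (Trident/7.0 with rv:11.0, which carry no "MSIE" token), followed by Chrome, the EdgeHTML Edge and Mobile Safari. Added example, not from the report: a small classifier that maps click User-Agents to browser family, major version and operating system, so click telemetry can be pivoted by platform. The sample strings are constructed in the same shapes as the column; the set of engines treated as legacy is an assumption.

```python
import re
from collections import Counter

# Constructed sample of click User-Agent strings in the shapes seen in the
# User_Agent column: IE11, Chrome, EdgeHTML and Mobile Safari, plus a missing cell.
SAMPLE_UAS = [
    "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Mobile/15E148 Safari/604.1",
    None,
]

# First marker that matches wins, so iPhone must precede "Mac OS X" and
# "Windows NT 10.0" must precede the older NT versions.
_OS_MARKERS = (
    ("Windows NT 10.0", "Windows 10"),
    ("Windows NT 6.3", "Windows 8.1"),
    ("Windows NT 6.1", "Windows 7"),
    ("iPhone", "iOS"),
    ("iPad", "iPadOS"),
    ("Android", "Android"),
    ("Mac OS X", "macOS"),
)

# Order matters: every Chromium UA also says "Safari", EdgeHTML also says
# "Chrome", and IE11 identifies itself only through Trident and rv:.
_BROWSER_PATTERNS = (
    ("Internet Explorer", re.compile(r"Trident/\d+\.\d+.*?\brv:(\d+)")),
    ("Edge (EdgeHTML)", re.compile(r"\bEdge/(\d+)")),
    ("Edge", re.compile(r"\bEdg/(\d+)")),
    ("Chrome", re.compile(r"\bChrome/(\d+)")),
    ("Safari", re.compile(r"\bVersion/(\d+)[\d.]*.*\bSafari/")),
)

LEGACY_ENGINES = ("Internet Explorer", "Edge (EdgeHTML)")  # assumption for the example


def classify_ua(ua):
    """Return (browser, major_version, os); unknown parts are labelled, never guessed."""
    if not isinstance(ua, str) or not ua.strip():
        return ("unknown", "", "unknown")
    os_name = next((name for marker, name in _OS_MARKERS if marker in ua), "other")
    for browser, pattern in _BROWSER_PATTERNS:
        m = pattern.search(ua)
        if m:
            return (browser, m.group(1), os_name)
    return ("other", "", os_name)


def _present(uas):
    return [u for u in uas if isinstance(u, str) and u.strip()]


def clicks_by_platform(uas) -> Counter:
    """Clicks per (browser, os) pair; missing cells are not counted."""
    return Counter((b, o) for b, _, o in map(classify_ua, _present(uas)))


def legacy_share(uas) -> float:
    """Fraction of classified clicks that came from a legacy engine."""
    rows = [classify_ua(u) for u in _present(uas)]
    if not rows:
        return 0.0
    return sum(1 for b, _, _ in rows if b in LEGACY_ENGINES) / len(rows)


if __name__ == "__main__":
    for platform, n in clicks_by_platform(SAMPLE_UAS).most_common():
        print(n, platform)
    print(f"legacy share: {legacy_share(SAMPLE_UAS):.0%}")
```

The classifier is deliberately a short ordered list rather than a full UA database: for click analysis the question is which engine and OS family the click landed on, and those few markers answer it without a dependency.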
varonis_additional_data
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
varonis_desc
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |
| Value | Count | Frequency (%) | |
| A file was created, opened or renamed to one of the known exploitation/hacking tools. The list of names is configurable via Exploitation tools dictionary. Exploitation tools enable attackers to abuse exposed vulnerabilities in common software programs, and are a common method to spread malware. | 2 | 2.3% | |
| Many file modified events were detected in a very short time frame by the same user, where the file extension is a known encryption extension. The list of extensions is configurable via Encrypted files dictionary. This may indicate a ransomware attack underway, with the intent to deny access to data. | 1 | 1.1% | |
| (Missing) | 85 | 96.6% |
| Max length | 301 |
|---|---|
| Mean length | 13.02272727 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
varonis_from
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |
| Value | Count | Frequency (%) | |
| CVGWPDLPNDP1A [10.50.16.203] | 1 | 1.1% | |
| CVGWPXAPPD706 [10.50.84.197] | 1 | 1.1% | |
| CVGWPDLPNDP1B [10.50.16.202] | 1 | 1.1% | |
| (Missing) | 85 | 96.6% |
| Max length | 28 |
|---|---|
| Mean length | 3.852272727 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
varonis_id
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |
| Value | Count | Frequency (%) | |
| ab8b324b-a663-4ac0-ad36-054f0d925f31 | 1 | 1.1% | |
| e6d628bd-b15f-4e7d-bcf3-27c1bcd5c9ec | 1 | 1.1% | |
| ac61591c-0934-432a-ad6b-ffe26a0c1a6c | 1 | 1.1% | |
| (Missing) | 85 | 96.6% |
| Max length | 36 |
|---|---|
| Mean length | 4.125 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | True |
varonis_what
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |
| Value | Count | Frequency (%) | |
| File opened | 2 | 2.3% | |
| File created | 1 | 1.1% | |
| (Missing) | 85 | 96.6% |
| Max length | 12 |
|---|---|
| Mean length | 3.284090909 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
varonis_when
Categorical
| Distinct count | 4 |
|---|---|
| Unique (%) | 4.5% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |
| Value | Count | Frequency (%) | |
| 9/6/2019 5:08:43 AM | 1 | 1.1% | |
| 9/23/2019 7:56:02 PM | 1 | 1.1% | |
| 9/4/2019 4:25:55 PM | 1 | 1.1% | |
| (Missing) | 85 | 96.6% |
| Max length | 20 |
|---|---|
| Mean length | 3.556818182 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
varonis_where
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |
| Value | Count | Frequency (%) | |
| beef-beef-0.4.4.3.zip ([cvgisln01.nas.afg] \ifs\Departments\GAIC\EISG\Common\Training\CEH\Volume 4\CEHv8 Module 13 Hacking Web Applications\Web Application Pen Testing Tools\BeEF\beef-beef-0.4.4.3.zip) | 2 | 2.3% | |
| index-6c5301c9fcf5cf04e5aeb0003955f8f1.code ([cvgisln01.nas.afg] \ifs\Applications\CitrixProfiles\tsprofs\yadhikary\xadesktop\UPM_Profile\AppData\Roaming\Code\CachedData\3db7e09f3b61f915d03bbfa58e258d6eee843f35\index-6c5301c9fcf5cf04e5aeb0003955f8f1.code) | 1 | 1.1% | |
| (Missing) | 85 | 96.6% |
| Max length | 255 |
|---|---|
| Mean length | 10.36363636 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | True |
| Contains non-words | True |
varonis_who
Categorical
| Distinct count | 3 |
|---|---|
| Unique (%) | 3.4% |
| Missing (%) | 96.6% |
| Missing (n) | 85 |
| Value | Count | Frequency (%) | |
| ga.afginc.com\Service Account, svc_dlp_read [svc_dlp_read] | 2 | 2.3% | |
| ga.afginc.com\Adhikary, Yudhajit [yadhikary] | 1 | 1.1% | |
| (Missing) | 85 | 96.6% |
| Max length | 58 |
|---|---|
| Mean length | 4.715909091 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | False |
| Contains spaces | True |
| Contains non-words | True |
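varonis_desc above describes two rules: a file created, opened or renamed whose name is in the exploitation-tools dictionary, and many modifications of files with a known encrypted extension by one user in a short window; varonis_who, varonis_what, varonis_when and varonis_where carry the matching event fields, and the sample values show a service account opening a pen-testing archive on a training share. The block below is an added example, not the vendor's code, that implements both rules over constructed events in those same fields. The tool dictionary, the extension list, the threshold and window, the svc_scan allowlist for read-only scanner accounts and the fs01.example.internal server are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Dictionaries are configurable in the product; these entries and thresholds are
# assumptions for the example, not vendor defaults.
EXPLOIT_TOOL_NAMES = ("beef", "mimikatz", "metasploit", "psexec", "cobaltstrike")
ENCRYPTED_EXTENSIONS = (".locked", ".crypt", ".encrypted", ".enc")
SCANNER_ACCOUNTS = ("svc_scan",)            # assumed read-only scanner identities
MASS_MOD_THRESHOLD = 5                      # encrypted-extension modifications by one user
MASS_MOD_WINDOW = timedelta(seconds=60)     # inside this sliding window
TOOL_EVENTS = ("File created", "File opened", "File renamed")

_WHERE = re.compile(r"^(?P<name>.+?) \(\[(?P<server>[^\]]+)\] (?P<path>.+)\)$")

# Constructed events in the varonis_who / varonis_what / varonis_when / varonis_where shape.
SAMPLE_EVENTS = [
    {"who": r"example.internal\Service Account, svc_scan [svc_scan]", "what": "File opened",
     "when": "9/6/2019 5:08:43 AM",
     "where": r"beef-0.4.4.3.zip ([fs01.example.internal] \ifs\Training\WebAppPentest\BeEF\beef-0.4.4.3.zip)"},
    {"who": r"example.internal\Doe, Jane [jdoe]", "what": "File created",
     "when": "9/6/2019 5:12:01 AM",
     "where": r"mimikatz_trunk.zip ([fs01.example.internal] \ifs\Users\jdoe\Downloads\mimikatz_trunk.zip)"},
] + [
    {"who": r"example.internal\Smith, Alex [asmith]", "what": "File modified",
     "when": f"9/6/2019 5:20:{10 + 3 * i:02d} AM",
     "where": rf"report{i}.xlsx.locked ([fs01.example.internal] \ifs\Finance\Q3\report{i}.xlsx.locked)"}
    for i in range(6)
] + [
    {"who": r"example.internal\Lee, Sam [slee]", "what": "File modified",
     "when": "9/6/2019 6:00:00 AM",
     "where": r"notes.txt.locked ([fs01.example.internal] \ifs\Users\slee\notes.txt.locked)"},
]


def parse_when(s: str) -> datetime:
    """varonis_when style timestamp, e.g. '9/6/2019 5:08:43 AM'."""
    return datetime.strptime(s, "%m/%d/%Y %I:%M:%S %p")


def parse_where(where: str) -> dict:
    """Split 'name ([server] \\path)' into name, server and path; fall back to the raw string."""
    m = _WHERE.match(where)
    return m.groupdict() if m else {"name": where, "server": "", "path": ""}


def account(who: str) -> str:
    """The bracketed account name at the end of 'domain\\Display Name [account]'."""
    m = re.search(r"\[([^\]]+)\]$", who)
    return (m.group(1) if m else who).lower()


def exploitation_tool_alert(ev: dict):
    """Rule 1: a dictionary name created, opened or renamed. Substring match, so keep the
    dictionary specific: 'beef' alone would also hit an unrelated 'roastbeef.docx'."""
    if ev["what"] not in TOOL_EVENTS:
        return None
    if ev["what"] == "File opened" and account(ev["who"]) in SCANNER_ACCOUNTS:
        return None  # assumed allowlist: scanners open everything, including training archives
    name = parse_where(ev["where"])["name"].lower()
    hit = next((t for t in EXPLOIT_TOOL_NAMES if t in name), None)
    if hit is None:
        return None
    return {"rule": "exploitation_tool", "who": ev["who"], "match": hit,
            "where": ev["where"], "when": ev["when"]}


def mass_encryption_alerts(events) -> list:
    """Rule 2: sliding window of encrypted-extension modifications per user."""
    alerts, fired, windows = [], set(), defaultdict(deque)
    for ev in sorted(events, key=lambda e: parse_when(e["when"])):
        if ev["what"] != "File modified":
            continue
        if not parse_where(ev["where"])["name"].lower().endswith(ENCRYPTED_EXTENSIONS):
            continue
        t, q = parse_when(ev["when"]), windows[ev["who"]]
        q.append(t)
        while t - q[0] > MASS_MOD_WINDOW:
            q.popleft()
        if len(q) >= MASS_MOD_THRESHOLD and ev["who"] not in fired:
            fired.add(ev["who"])  # one alert per user per run
            alerts.append({"rule": "mass_encryption", "who": ev["who"],
                           "count": len(q), "first": q[0], "last": t})
    return alerts


def run(events) -> list:
    tool_alerts = [a for a in map(exploitation_tool_alert, events) if a]
    return tool_alerts + mass_encryption_alerts(events)


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

Rule 1 fires on the user who drops a tool archive but not on the scanner that merely reads one; rule 2 fires once per user when the window fills, and the single later modification by another user stays below the threshold. Both decisions come from the assumed lists at the top, which is where tuning belongs.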
Vendor
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
Workspace
Constant
This variable is constant and should be ignored for analysis
| Constant value | Default workspace |
|---|
xmatters_requestId
Categorical
| Distinct count | 2 |
|---|---|
| Unique (%) | 2.3% |
| Missing (%) | 98.9% |
| Missing (n) | 87 |
| Value | Count | Frequency (%) | |
| 3855b224-85bc-4a13-a203-007ccc971729 | 1 | 1.1% | |
| (Missing) | 87 | 98.9% |
| Max length | 36 |
|---|---|
| Mean length | 3.375 |
| Min length | 3 |
| Contains chars | True |
| Contains digits | True |
| Contains spaces | False |
| Contains non-words | True |
Zip
Constant
This variable is constant and should be ignored for analysis
| Constant value | nan |
|---|
First rows
|  | action_status | Address | Alberta_Health_Risk_Assessment | Alert_Source | Alerts | Assessed_Liability | Attachment_SHA | BU_Code | BU_Code_Legacy | BU_Status | Business_Unit | Categorization | Category | City | Click_Time | computer_last_detection_time | computer_name | computer_number_of_infections | Condemnation_Time | Condition_ID | Country/Region | Created_By | Criminal_Activity | Data_Compromised | Data_Encrypted | Data_Format | Date_Closed | Date_Created | Date_Determined | Date_Discovered | Date_Occurred | Delivery_Time | Dell_Secureworks_Alert_Source | Dell_Secureworks_Category | Dell_Secureworks_Category_Class | Dell_Secureworks_Classification | Dell_Secureworks_Close_Action | Dell_Secureworks_Close_Code | Dell_Secureworks_Description | Dell_Secureworks_Event_Source | Dell_Secureworks_Priority | Dell_Secureworks_Sensor_Name | Dell_Secureworks_Subject | Dell_Secureworks_Ticket# | Dell_Secureworks_Ticket_Type | Department | Description | Destination_IP | Destination_Port | detection_interval | detection_time | Directionality | domain | Dropped | Employee | Employee_Involved | Employee_Involvement | Esclated_To_BU_IT | Exposure_Resolved | Exposure_Type | file_path | GDPR_Breach_Circumstances | GDPR_Breach_Type | GDPR_Breach_Type_Comment | GDPR_Consequences | GDPR_Consequences_Comment | GDPR_Final_Assessment | GDPR_Final_Assessment_Comment | GDPR_Identification | GDPR_Identification_Comment | GDPR_Personal_Data | GDPR_Personal_Data_Comment | GDPR_Subsequent_Notification | Guest_Network_Involvement | Harm_Foreseeable | Header_From | Header_Reply_To | Host_Involved | Host_Name | Hours_worked | HX_Agent_ID | HX_Hostname | HX_IP | HX_UUID | HXname | ID | Impact_Likely | Impacted_System | Incident_Disposition | Incident_Type | Individual_Name | Is_vulnerable? | Item_Number | Joe_Sandbox_Result | Jurisdiction | last_detection_time | Last_Modified | Lawful_Data_Processing_Categories | Location | Machine_Compromised | malware_file_path | malware_name | Members | Message_ID | Message_Size | Month | Morphick_Ticket# | Morphick_Update | Name | Negative_PR | Next_Due_Date | NIST_Attack_Vectors | number_of_infections | Organization | Other_Alert_Source | other_path | Outbound_Threat_Type | Owner | Personal_Email | Phase | PIPEDA_Other_Factors | PIPEDA_Other_Factors_Comment | PIPEDA_Overall_Assessment | PIPEDA_Overall_Assessment_Comment | PIPEDA_Probability_of_Misuse | PIPEDA_Probability_of_Misuse_Comment | PIPEDA_Sensitivity_of_PI | PIPEDA_Sensitivity_of_PI_Comment | Protocol | Recipient | ref_number | remediation_action | Remidiation_Source | Reporting_Individual | Resolution | Resolution_Summary | Risk_of_Harm | Sender | Sender_IP | Sensor_Name | Service_Now_Ticket# | Severity | Simulation | Source_IP | Source_of_Data | Source_Port | State | Status | Subject | Threat_Type | Time_Spent_in_BU_IT | Timestamp | triage_status | URL | URL_Blocked | url_path | User_Agent | varonis_additional_data | varonis_desc | varonis_from | varonis_id | varonis_what | varonis_when | varonis_where | varonis_who | Vendor | Workspace | xmatters_requestId | Zip |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | Succeeded | NaN | Unknown | SCEP | NaN | 0 | NaN | LG0003 | NaN | NaN | Annuity Information Tech | Investigative | NaN | NaN | NaN | NaN | GFR-CVG-0104281.ga.afginc.com | 1.0 | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/9/2019 14:03 | 8/29/2019 19:15 | 8/29/2019 23:14 | 8/29/2019 23:14 | 8/29/2019 23:13 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | System Center Endpoint Protection has detected... | NaN | NaN | NaN | 8/29/2019 23:14 | Inbound | GA | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7862 | Unknown | NaN | Yes | Suspicious Host Activity | NaN | Unknown | NaN | NaN | NaN | 8/29/2019 23:14 | 9/9/2019 14:03 | NaN | NaN | No | C:\Users\gbell\Downloads\This computer is BLOC... | Trojan:HTML/FakeAlert.B | NaN | NaN | NaN | August | NaN | NaN | Configuration Manager Malware Detected Alert: ... | Unknown | NaN | NaN | 1.0 | GAIG | NaN | NaN | Malware | Gene Kazimiarovich (gkazimiarovich@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NoAction | NaN | SCCM_2012_Alert@gaic.com | Resolved | HTML/FakeAlert. Fire quarantined on touching t... | NaN | NaN | NaN | NaN | NaN | 4 - Low | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | http://ventriculus.gq/story/index.php | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 1 | NaN | NaN | Unknown | Proofpoint | 1.0 | 0 | NaN | BG0057 | NaN | NaN | National Interstate Ins | Event | phish | NaN | 8/29/2019 20:29 | NaN | NaN | NaN | 8/31/2019 6:20 | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/3/2019 8:15 | 8/31/2019 2:21 | 8/31/2019 2:21 | 8/31/2019 2:21 | 8/31/2019 2:21 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | <https://threatinsight.proofpoint.com/44844d21... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | — | — | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7863 | Unknown | NaN | Yes | Phishing | NaN | Unknown | NaN | NaN | NaN | NaN | 9/3/2019 8:15 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | August | NaN | NaN | [Proofpoint Link] — [National Interstate Ins] | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Engage | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | stephanie.ruggles@natl.com | NaN | NaN | NaN | tap-notifications@proofpoint.com | Resolved | The true site behind the office doc appears to... | NaN | — | — | NaN | NaN | 4 - Low | No | 70.62.202.3 | NaN | NaN | NaN | Closed | — | NaN | NaN | NaN | NaN | hxxps://onedrive[.]live[.]com/?authkey=%21AOKA... | NaN | NaN | Mozilla/5.0 (Windows NT 10.0; Win64; x64) App... | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 2 | NaN | NaN | Unknown | Proofpoint | 1.0 | 0 | NaN | BG0057 | NaN | NaN | National Interstate Ins | Investigative | phish | NaN | 8/29/2019 20:17 | NaN | NaN | NaN | 8/31/2019 6:20 | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/3/2019 8:16 | 8/31/2019 2:23 | 8/31/2019 2:23 | 8/31/2019 2:23 | 8/31/2019 2:23 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | <https://threatinsight.proofpoint.com/44844d21... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | — | — | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7864 | Unknown | NaN | No | Phishing | NaN | Unknown | NaN | NaN | NaN | NaN | 9/3/2019 8:16 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | August | NaN | NaN | [Proofpoint Link] — [National Interstate Ins] | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Engage | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | stephanie.ruggles@natl.com | NaN | NaN | NaN | tap-notifications@proofpoint.com | Duplicate | The true site behind the office doc appears to... | NaN | — | — | NaN | NaN | 4 - Low | No | 70.62.202.3 | NaN | NaN | NaN | Closed | — | NaN | NaN | NaN | NaN | hxxps://onedrive[.]live[.]com/?authkey=%21AOKA... | NaN | NaN | Mozilla/5.0 (Windows NT 10.0; Win64; x64) App... | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 3 | NaN | NaN | Unknown | Proofpoint | 1.0 | 0 | NaN | BG0057 | NaN | NaN | National Interstate Ins | Investigative | phish | NaN | 8/29/2019 20:17 | NaN | NaN | NaN | 8/31/2019 6:20 | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/3/2019 8:16 | 8/31/2019 2:23 | 8/31/2019 2:23 | 8/31/2019 2:23 | 8/31/2019 2:23 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | <https://threatinsight.proofpoint.com/44844d21... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | — | — | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7865 | Unknown | NaN | No | Phishing | NaN | Unknown | NaN | NaN | NaN | NaN | 9/3/2019 8:16 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | August | NaN | NaN | [Proofpoint Link] — [National Interstate Ins] | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Engage | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | stephanie.ruggles@natl.com | NaN | NaN | NaN | tap-notifications@proofpoint.com | Duplicate | The true site behind the office doc appears to... | NaN | — | — | NaN | NaN | 4 - Low | No | 70.62.202.3 | NaN | NaN | NaN | Closed | — | NaN | NaN | NaN | NaN | hxxps://onedrive[.]live[.]com/?authkey=%21AOKA... | NaN | NaN | Mozilla/5.0 (Windows NT 10.0; Win64; x64) App... | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 4 | NaN | NaN | Unknown | Morphick | 3.0 | 0 | NaN | BG0020 | NaN | NaN | IT Services | Investigative | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resilient-Email Connector (irhubacct@rsystems.... | No | Unknown | Unknown | NaN | 9/5/2019 8:24 | 9/3/2019 13:19 | 9/3/2019 13:19 | 9/3/2019 13:19 | 9/3/2019 13:19 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Item of Interest 3 - Moderate Investigation Su... | NaN | NaN | NaN | NaN | Inbound | NaN | No | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7877 | Unknown | NaN | No | Suspicious Network Traffic | NaN | Unknown | NaN | NaN | NaN | NaN | 9/9/2019 9:41 | NaN | NaN | No | NaN | NaN | NaN | NaN | NaN | September | CS0015758 | NaN | BAH Item of Interest - Severity: 3 - Moderate ... | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | Malware | Paul Karklins (pkarklins@gaig.com) | No | Detect/Analyze | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | MSG0144748 | NaN | NaN | cases@mts.bah.com | Not an Issue | Confirmed that this traffic was legitimate. S... | NaN | NaN | NaN | NaN | NaN | 5 - Informational | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 5 | NaN | NaN | Unknown | Proofpoint | 1.0 | 0 | NaN | BG0008 | NaN | NaN | Crop Division | Investigative | phish | NaN | 8/23/2019 19:46 | NaN | NaN | NaN | 9/4/2019 0:46 | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/4/2019 8:15 | 9/3/2019 20:47 | 9/3/2019 20:47 | 9/3/2019 20:47 | 9/3/2019 20:47 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | <https://threatinsight.proofpoint.com/769da03a... | NaN | NaN | NaN | NaN | Inbound | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | — | — | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7878 | Unknown | NaN | No | Phishing | NaN | Unknown | NaN | NaN | NaN | NaN | 9/4/2019 8:16 | NaN | NaN | No | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [Proofpoint Link] — [Crop Division] | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | Malware | Paul Karklins (pkarklins@gaig.com) | No | Engage | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | celias@gaic.com | NaN | NaN | NaN | tap-notifications@proofpoint.com | Not an Issue | This was a false positive for phishing. | NaN | — | — | NaN | NaN | 4 - Low | No | 208.65.192.1 | NaN | NaN | NaN | Closed | — | NaN | NaN | NaN | NaN | hxxps://u345601[.]ct[.]sendgrid[.]net/wf/click... | NaN | NaN | Mozilla/5.0 (Windows NT 10.0; Win64; x64) App... | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 6 | NaN | NaN | Unknown | Proofpoint | 1.0 | 0 | NaN | BG0008 | NaN | NaN | Crop Division | Investigative | phish | NaN | 8/23/2019 19:49 | NaN | NaN | NaN | 9/4/2019 0:46 | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/4/2019 8:13 | 9/3/2019 20:47 | 9/3/2019 20:47 | 9/3/2019 20:47 | 9/3/2019 20:47 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | <https://threatinsight.proofpoint.com/769da03a... | NaN | NaN | NaN | NaN | Inbound | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | — | — | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7880 | Unknown | NaN | No | Phishing | NaN | Unknown | NaN | NaN | NaN | NaN | 9/4/2019 8:13 | NaN | NaN | No | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [Proofpoint Link] — [Crop Division] | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | Malware | Paul Karklins (pkarklins@gaig.com) | No | Engage | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | celias@gaic.com | NaN | NaN | NaN | tap-notifications@proofpoint.com | Not an Issue | This was a false positive for phishing. | NaN | — | — | NaN | NaN | 4 - Low | No | 208.65.192.1 | NaN | NaN | NaN | Closed | — | NaN | NaN | NaN | NaN | hxxps://u345601[.]ct[.]sendgrid[.]net/wf/click... | NaN | NaN | Mozilla/5.0 (Windows NT 10.0; Win64; x64) App... | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 7 | NaN | NaN | Unknown | PhishMe | 1.0 | 0 | NaN | BG0019 | NaN | NaN | AFG Internal Audit | Investigative | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/4/2019 13:47 | 9/4/2019 9:54 | 9/4/2019 9:54 | 9/4/2019 9:54 | 9/4/2019 9:54 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Incident Response team, We have completed an i... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7882 | Unknown | NaN | No | NaN | NaN | Unknown | NaN | NaN | NaN | NaN | 9/4/2019 13:50 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [Triage] Completed Investigation unavailable [... | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Paul Karklins (pkarklins@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | PhishingNotice@gaig.com | NaN | NaN | NaN | PhishingNotice@gaig.com | Resolved | Investigated by Interns. Determined that no fu... | NaN | NaN | NaN | NaN | NaN | 4 - Low | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 8 | NaN | NaN | Unknown | PhishMe | 1.0 | 0 | NaN | BG0051 | NaN | NaN | Summit | Investigative | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/4/2019 13:52 | 9/4/2019 9:54 | 9/4/2019 9:54 | 9/4/2019 9:54 | 9/4/2019 9:54 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Incident Response team, We have completed an i... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7883 | Unknown | NaN | No | NaN | NaN | Unknown | NaN | NaN | NaN | NaN | 9/4/2019 13:53 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [Triage] Completed Investigation unavailable [... | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Paul Karklins (pkarklins@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | PhishingNotice@gaig.com | NaN | NaN | NaN | PhishingNotice@gaig.com | Resolved | Investigated by Interns. Determined that no fu... | NaN | NaN | NaN | NaN | NaN | 4 - Low | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 9 | NaN | NaN | Unknown | PhishMe | 1.0 | 0 | NaN | LG0003 | NaN | NaN | Annuity Information Tech | Investigative | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/4/2019 13:54 | 9/4/2019 9:56 | 9/4/2019 9:56 | 9/4/2019 9:56 | 9/4/2019 9:56 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Incident Response team, We have completed an i... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 7884 | Unknown | NaN | No | NaN | NaN | Unknown | NaN | NaN | NaN | NaN | 9/4/2019 13:54 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [Triage] Completed Investigation unavailable [... | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Paul Karklins (pkarklins@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | PhishingNotice@gaig.com | NaN | NaN | NaN | PhishingNotice@gaig.com | Resolved | Investigated by Interns. Determined that no fu... | NaN | NaN | NaN | NaN | NaN | 4 - Low | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
Last rows
| | action_status | Address | Alberta_Health_Risk_Assessment | Alert_Source | Alerts | Assessed_Liability | Attachment_SHA | BU_Code | BU_Code_Legacy | BU_Status | Business_Unit | Categorization | Category | City | Click_Time | computer_last_detection_time | computer_name | computer_number_of_infections | Condemnation_Time | Condition_ID | Country/Region | Created_By | Criminal_Activity | Data_Compromised | Data_Encrypted | Data_Format | Date_Closed | Date_Created | Date_Determined | Date_Discovered | Date_Occurred | Delivery_Time | Dell_Secureworks_Alert_Source | Dell_Secureworks_Category | Dell_Secureworks_Category_Class | Dell_Secureworks_Classification | Dell_Secureworks_Close_Action | Dell_Secureworks_Close_Code | Dell_Secureworks_Description | Dell_Secureworks_Event_Source | Dell_Secureworks_Priority | Dell_Secureworks_Sensor_Name | Dell_Secureworks_Subject | Dell_Secureworks_Ticket# | Dell_Secureworks_Ticket_Type | Department | Description | Destination_IP | Destination_Port | detection_interval | detection_time | Directionality | domain | Dropped | Employee | Employee_Involved | Employee_Involvement | Esclated_To_BU_IT | Exposure_Resolved | Exposure_Type | file_path | GDPR_Breach_Circumstances | GDPR_Breach_Type | GDPR_Breach_Type_Comment | GDPR_Consequences | GDPR_Consequences_Comment | GDPR_Final_Assessment | GDPR_Final_Assessment_Comment | GDPR_Identification | GDPR_Identification_Comment | GDPR_Personal_Data | GDPR_Personal_Data_Comment | GDPR_Subsequent_Notification | Guest_Network_Involvement | Harm_Foreseeable | Header_From | Header_Reply_To | Host_Involved | Host_Name | Hours_worked | HX_Agent_ID | HX_Hostname | HX_IP | HX_UUID | HXname | ID | Impact_Likely | Impacted_System | Incident_Disposition | Incident_Type | Individual_Name | Is_vulnerable? | Item_Number | Joe_Sandbox_Result | Jurisdiction | last_detection_time | Last_Modified | Lawful_Data_Processing_Categories | Location | Machine_Compromised | malware_file_path | malware_name | Members | Message_ID | Message_Size | Month | Morphick_Ticket# | Morphick_Update | Name | Negative_PR | Next_Due_Date | NIST_Attack_Vectors | number_of_infections | Organization | Other_Alert_Source | other_path | Outbound_Threat_Type | Owner | Personal_Email | Phase | PIPEDA_Other_Factors | PIPEDA_Other_Factors_Comment | PIPEDA_Overall_Assessment | PIPEDA_Overall_Assessment_Comment | PIPEDA_Probability_of_Misuse | PIPEDA_Probability_of_Misuse_Comment | PIPEDA_Sensitivity_of_PI | PIPEDA_Sensitivity_of_PI_Comment | Protocol | Recipient | ref_number | remediation_action | Remidiation_Source | Reporting_Individual | Resolution | Resolution_Summary | Risk_of_Harm | Sender | Sender_IP | Sensor_Name | Service_Now_Ticket# | Severity | Simulation | Source_IP | Source_of_Data | Source_Port | State | Status | Subject | Threat_Type | Time_Spent_in_BU_IT | Timestamp | triage_status | URL | URL_Blocked | url_path | User_Agent | varonis_additional_data | varonis_desc | varonis_from | varonis_id | varonis_what | varonis_when | varonis_where | varonis_who | Vendor | Workspace | xmatters_requestId | Zip |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 78 | NaN | NaN | Unknown | Proofpoint | 1.0 | 0 | NaN | BG0033 | NaN | NaN | Strategic Comp | Event | malware | NaN | 9/25/2019 19:47 | NaN | NaN | NaN | 9/25/2019 19:53 | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/26/2019 11:02 | 9/25/2019 15:54 | 9/25/2019 15:54 | 9/25/2019 15:54 | 9/25/2019 15:53 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | <https://threatinsight.proofpoint.com/769da03a... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | — | — | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8057 | Unknown | NaN | Yes | Malware | NaN | Unknown | NaN | NaN | NaN | NaN | 9/26/2019 11:02 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [Proofpoint Link] — [Strategic Comp] | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | bbulls@strategiccomp.com | NaN | NaN | NaN | tap-notifications@proofpoint.com | Resolved | Barbara informed me that a former colleague of... | NaN | — | — | NaN | NaN | 4 - Low | No | 208.65.192.1 | NaN | NaN | NaN | Closed | — | NaN | NaN | NaN | NaN | hxxp://yasamkurusatis[.]com/wp-content/uploads... | NaN | NaN | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7... | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 79 | Succeeded | NaN | Unknown | SCEP | NaN | 0 | NaN | BG0033 | NaN | NaN | Strategic Comp | Event | NaN | NaN | NaN | NaN | SCICITRIXF.ga.afginc.com | 1.0 | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/26/2019 11:04 | 9/25/2019 16:34 | 9/25/2019 20:32 | 9/25/2019 20:32 | 9/25/2019 20:32 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | System Center Endpoint Protection has detected... | NaN | NaN | NaN | 9/25/2019 20:32 | NaN | GA | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8059 | Unknown | NaN | Yes | Malware | NaN | Unknown | NaN | NaN | NaN | 9/25/2019 20:32 | 9/26/2019 11:04 | NaN | NaN | NaN | NaN | Behavior:Win32/Meterpreter.gen!A | NaN | NaN | NaN | September | NaN | NaN | Configuration Manager Malware Detected Alert: ... | Unknown | NaN | NaN | 1.0 | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Quarantine | NaN | SCCM_2012_Alert@gaic.com | Duplicate | Malware turned out to be a Qbot variant that s... | NaN | NaN | NaN | NaN | NaN | 5 - Informational | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 80 | Succeeded | NaN | Unknown | SCEP | NaN | 0 | NaN | BG0033 | NaN | NaN | Strategic Comp | Event | NaN | NaN | NaN | NaN | SCICITRIXF.ga.afginc.com | 1.0 | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/26/2019 11:04 | 9/25/2019 16:41 | 9/25/2019 20:34 | 9/25/2019 20:34 | 9/25/2019 20:34 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | System Center Endpoint Protection has detected... | NaN | NaN | NaN | 9/25/2019 20:34 | NaN | GA | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8060 | Unknown | NaN | Yes | Malware | NaN | Unknown | NaN | NaN | NaN | 9/25/2019 20:34 | 9/26/2019 11:04 | NaN | NaN | NaN | C:\Users\bbulls\AppData\Local\Temp\4f05.dll | Trojan:Win32/Swrort.A | NaN | NaN | NaN | September | NaN | NaN | Configuration Manager Malware Detected Alert: ... | Unknown | NaN | NaN | 1.0 | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Quarantine | NaN | SCCM_2012_Alert@gaic.com | Duplicate | Malware turned out to be a Qbot variant that s... | NaN | NaN | NaN | NaN | NaN | 5 - Informational | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 81 | Succeeded | NaN | Unknown | SCEP | NaN | 0 | NaN | BG0033 | NaN | NaN | Strategic Comp | Event | NaN | NaN | NaN | NaN | SCICITRIXF.ga.afginc.com | 1.0 | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/26/2019 11:04 | 9/25/2019 16:47 | 9/25/2019 20:43 | 9/25/2019 20:43 | 9/25/2019 20:43 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | System Center Endpoint Protection has detected... | NaN | NaN | NaN | 9/25/2019 20:43 | NaN | GA | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8061 | Unknown | NaN | Yes | Malware | NaN | Unknown | NaN | NaN | NaN | 9/25/2019 20:43 | 9/26/2019 11:04 | NaN | NaN | NaN | NaN | Behavior:Win32/Atosev.gen!A | NaN | NaN | NaN | September | NaN | NaN | Configuration Manager Malware Detected Alert: ... | Unknown | NaN | NaN | 1.0 | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Quarantine | NaN | SCCM_2012_Alert@gaic.com | Resolved | Malware turned out to be a Qbot variant that s... | NaN | NaN | NaN | NaN | NaN | 2 - High | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 82 | NaN | NaN | Unknown | SecureWorks | 1.0 | 0 | NaN | BG0033 | NaN | NaN | Strategic Comp | Event | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/26/2019 11:09 | 9/25/2019 22:47 | 9/25/2019 22:47 | 9/25/2019 22:47 | 9/25/2019 22:47 | NaN | IDS | Command and Control | Security | Opportunistic | NaN | NaN | =========================\nIncident Overview\n... | MPLE | HIGH | NaN | Sourcefire AMP: Threat Detected in Network Fil... | IN33681248 | INCIDENT | NaN | <https://portal.secureworks.com/portal/inciden... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8062 | Unknown | NaN | Yes | Malware | NaN | Unknown | NaN | NaN | NaN | NaN | 9/26/2019 11:09 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [DSWRX Event] Sourcefire AMP: Threat Detected ... | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | service@secureworks.com | Duplicate | The domain serving the malware has now been bl... | NaN | NaN | NaN | NaN | NaN | 5 - Informational | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | 3855b224-85bc-4a13-a203-007ccc971729 | NaN |
| 83 | NaN | NaN | Unknown | SecureWorks | 1.0 | 0 | NaN | BG0033 | NaN | NaN | Strategic Comp | Event | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/26/2019 11:09 | 9/25/2019 22:57 | 9/25/2019 22:57 | 9/25/2019 22:57 | 9/25/2019 22:57 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | [External] (ANSOC) Secureworks Ticket #3368124... | NaN | NaN | NaN | <https://portal.secureworks.com/portal/inciden... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8063 | Unknown | NaN | Yes | Malware | NaN | Unknown | NaN | NaN | NaN | NaN | 9/26/2019 11:09 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [External] (ANSOC) Secureworks Ticket #3368124... | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | service@secureworks.com | Resolved | The domain serving the malware has now been bl... | NaN | NaN | NaN | NaN | NaN | 2 - High | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 84 | NaN | NaN | Unknown | Preempt | 1.0 | 0 | NaN | BG0046 | NaN | NaN | Public Sector Division | Investigative | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/26/2019 10:35 | 9/26/2019 0:19 | 9/26/2019 0:19 | 9/26/2019 0:19 | 9/26/2019 0:19 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | This mail is an immediate notification of an I... | NaN | NaN | NaN | NaN | Inbound | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8064 | Unknown | NaN | Yes | Suspicious Host Activity | NaN | Unknown | NaN | NaN | NaN | NaN | 9/26/2019 10:35 | NaN | NaN | No | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | Preempt Alert: [INC-16420] Potential Risky Act... | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | Malware | Gene Kazimiarovich (gkazimiarovich@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resolved | Login detected from the following hosts:\n\nCV... | NaN | NaN | NaN | NaN | NaN | 4 - Low | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 85 | NaN | NaN | Unknown | Proofpoint | 1.0 | 0 | NaN | LG0006 | NaN | NaN | Annuity Great American Ad | Event | phish | NaN | 9/27/2019 18:43 | NaN | NaN | NaN | 9/27/2019 20:14 | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/30/2019 9:52 | 9/27/2019 16:15 | 9/27/2019 16:15 | 9/27/2019 16:15 | 9/27/2019 16:15 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | <https://threatinsight.proofpoint.com/769da03a... | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | — | — | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8069 | Unknown | NaN | Yes | Phishing | NaN | Unknown | NaN | NaN | NaN | NaN | 9/30/2019 9:52 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [Proofpoint Link] — [Annuity Great American Ad] | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | NaN | Nik Whitis (nwhitis@gaig.com) | No | Engage | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | pnerone@gaig.com | NaN | NaN | NaN | tap-notifications@proofpoint.com | Resolved | Notified Peter that the email was malicious an... | NaN | — | — | NaN | NaN | 4 - Low | No | 208.65.192.1 | NaN | NaN | NaN | Closed | — | NaN | NaN | NaN | NaN | hxxps://app[.]box[.]com/s/djr591utixpcrt3m17z3... | NaN | NaN | Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/... | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 86 | NaN | NaN | Unknown | SecureWorks | 1.0 | 0 | NaN | BG0MEX | NaN | NaN | El Ag Specialty (Division Danos Mexico) | Investigative | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/30/2019 8:49 | 9/28/2019 12:14 | 9/28/2019 12:14 | 9/28/2019 12:14 | 9/28/2019 12:14 | NaN | - | - | - | - | NaN | NaN | - | - | - | NaN | - | 33714161 | - | NaN | <https://portal.secureworks.com/portal/healtht... | NaN | NaN | NaN | NaN | Inbound | NaN | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8074 | Unknown | NaN | Yes | Health Alert | NaN | Unknown | NaN | NaN | NaN | NaN | 9/30/2019 8:49 | NaN | NaN | No | NaN | NaN | NaN | NaN | NaN | September | NaN | NaN | [External] Subject: Secureworks Ticket #337141... | Unknown | NaN | NaN | NaN | GAIG | NaN | NaN | Malware | Paul Karklins (pkarklins@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | service@secureworks.com | Resolved | Sensor rebooted and status back to normal. | NaN | NaN | NaN | NaN | NaN | 4 - Low | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |
| 87 | Succeeded | NaN | Unknown | SCEP | NaN | 0 | NaN | BG0018 | NaN | NaN | Great American Custom | Investigative | NaN | NaN | NaN | NaN | D-5R4XH02.gamcustom.local | 1.0 | NaN | NaN | NaN | Resilient Admin (resilient_automation@gaig.com) | No | Unknown | Unknown | NaN | 9/30/2019 9:31 | 9/28/2019 14:24 | 9/28/2019 18:22 | 9/28/2019 18:22 | 9/28/2019 18:21 | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | System Center Endpoint Protection has detected... | NaN | NaN | NaN | 9/28/2019 18:22 | Inbound | GAMCUSTOM | Unknown | NaN | Unknown | Unknown | NaN | Unknown | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Unknown | No | Unknown | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | 8075 | Unknown | NaN | No | Malware | NaN | Unknown | NaN | NaN | NaN | 9/28/2019 18:22 | 9/30/2019 9:32 | NaN | NaN | No | C:\Users\ruizl\OneDrive - Netconic IT\Tech Stu... | HackTool:Win32/WirKey | NaN | NaN | NaN | September | NaN | NaN | Configuration Manager Malware Detected Alert: ... | Unknown | NaN | NaN | 1.0 | GAIG | NaN | NaN | Malware | Paul Karklins (pkarklins@gaig.com) | No | Respond | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NoAction | NaN | SCCM_2012_Alert@gaic.com | Not an Issue | User confirmed this was a admin tool used in t... | NaN | NaN | NaN | NaN | NaN | 5 - Informational | No | NaN | NaN | NaN | NaN | Closed | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | NaN | Default workspace | NaN | NaN |